Security Vulnerabilities - CVEs Published In November 2021
The vulnerability was discovered in an ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is caused by improper parameter validation of the StartNeoRS function in ActiveX.
CVSS Score
7.5
EPSS Score
0.007
Published
2021-11-30
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message.
CVSS Score
6.5
EPSS Score
0.009
Published
2021-11-30
An improper input validation issue leading to arbitrary file creation was discovered in the copy method of the Nexacro platform. Remote attackers can use the copy method to execute arbitrary commands after creating a file that includes malicious code.
CVSS Score
8.1
EPSS Score
0.009
Published
2021-11-30
IBM MQ Appliance 9.2 CD and 9.2 LTS are affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042.
CVSS Score
5.1
EPSS Score
0.0
Published
2021-11-30
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.
CVSS Score
8.2
EPSS Score
0.0
Published
2021-11-30
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.
CVSS Score
5.1
EPSS Score
0.0
Published
2021-11-30
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-11-30
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-11-30
In HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-11-30
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can issue SQL commands through the period parameter of /opensis/modules/grades/InputFinalGrades.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-11-30

