Security Vulnerabilities - CVEs Published In November 2021
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-11-10
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-11-10
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-11-10
3D Viewer Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.014
Published
2021-11-10
3D Viewer Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.056
Published
2021-11-10
CVE-2021-42321
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.933
Published
2021-11-10
Visual Studio Code Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.002
Published
2021-11-10
Azure RTOS Information Disclosure Vulnerability
CVSS Score
3.3
EPSS Score
0.01
Published
2021-11-10
Microsoft Exchange Server Spoofing Vulnerability
CVSS Score
6.5
EPSS Score
0.101
Published
2021-11-10
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.014
Published
2021-11-10