Security Vulnerabilities - CVEs Published In 2021
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score: 6.6
EPSS Score: 0.001
Published: 2021-12-15
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2021-12-15
yetiforcecrm is vulnerable to Business Logic Errors
CVSS Score: 7.3
EPSS Score: 0.002
Published: 2021-12-15
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
CVSS Score: 7.5
EPSS Score: 0.016
Published: 2021-12-15
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531.
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2021-12-15
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
CVSS Score: 7.5
EPSS Score: 0.825
Published: 2021-12-15
Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180.
CVSS Score: 4.8
EPSS Score: 0.004
Published: 2021-12-15
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system.
CVSS Score: 6.8
EPSS Score: 0.002
Published: 2021-12-15
The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system.
CVSS Score: 5.3
EPSS Score: 0.004
Published: 2021-12-15
Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.
CVSS Score: 7.8
EPSS Score: 0.006
Published: 2021-12-15

Shodan ® - All rights reserved