Security Vulnerabilities - CVEs Published In 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.
CVSS Score
8.1
EPSS Score
0.023
Published
2021-12-13
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
CVSS Score
8.2
EPSS Score
0.03
Published
2021-12-13
The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-12-13
CPAN 2.28 allows Signature Verification Bypass.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-12-13
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-12-13
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.005
Published
2021-12-13
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
CVSS Score
4.4
EPSS Score
0.001
Published
2021-12-13
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates
CVSS Score
4.3
EPSS Score
0.002
Published
2021-12-13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error.
CVSS Score
3.1
EPSS Score
0.003
Published
2021-12-13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-12-13