Security Vulnerabilities - CVEs Published In 2021
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.
CVSS Score
3.3
EPSS Score
0.011
Published
2021-12-07
A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-12-07
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.
CVSS Score
4.2
EPSS Score
0.001
Published
2021-12-07
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
CVSS Score
7.5
EPSS Score
0.007
Published
2021-12-07
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-12-07
A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-07
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-07
A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-07
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems.
CVSS Score
4.9
EPSS Score
0.002
Published
2021-12-07
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-07