Security Vulnerabilities - CVEs Published In 2021
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2021-11-08
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2021-11-08
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2021-11-08
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2021-11-08
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2021-11-08
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
CVSS Score: 9.8
EPSS Score: 0.007
Published: 2021-11-08
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.
CVSS Score: 8.8
EPSS Score: 0.119
Published: 2021-11-08
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.
CVSS Score: 8.8
EPSS Score: 0.009
Published: 2021-11-08
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2021-11-08
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all database connection details and credentials.
CVSS Score: 7.1
EPSS Score: 0.009
Published: 2021-11-08

