Security Vulnerabilities - CVEs Published In 2021
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.
CVSS Score
9.8
EPSS Score
0.022
Published
2021-12-30
mruby is vulnerable to NULL Pointer Dereference
CVSS Score
6.8
EPSS Score
0.003
Published
2021-12-30
Microsoft SharePoint Elevation of Privilege Vulnerability
CVSS Score
8.8
EPSS Score
0.01
Published
2021-12-29
ForeScout - SecureConnector Local Service DoS - A low-privileged user who doesn't have permission to shut down the SecureConnector service writes a large number of characters in the installationPath. This causes the buffer to overflow and overwrite the stack cookie, causing the service to crash.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-12-29
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
CVSS Score
7.5
EPSS Score
0.02
Published
2021-12-29
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a Stored XSS vulnerability, where a low-privileged (editor) user can upload an SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-29
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-12-29
vim is vulnerable to Use After Free
CVSS Score
6.8
EPSS Score
0.002
Published
2021-12-29
Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi is caused by CWE-209: Generation of Error Message Containing Sensitive Information, showing parts of the aspx code and the webroot location, information an attacker can leverage to further compromise the host.
CVSS Score
7.1
EPSS Score
0.002
Published
2021-12-29
Emuse - eServices / eNvoice Exposure Of Private Personal Information: due to lack of identification mechanisms and predictable IDs, an attacker can scrape all the files on the service.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-29

