Security Vulnerabilities - CVEs Published In 2021
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-12-17
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
CVSS Score
7.1
EPSS Score
0.001
Published
2021-12-17
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-12-17
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-12-17
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.
CVSS Score
4.4
EPSS Score
0.0
Published
2021-12-17
In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154.
CVSS Score
4.4
EPSS Score
0.0
Published
2021-12-17
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.
CVSS Score
4.4
EPSS Score
0.002
Published
2021-12-17
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.
CVSS Score
7.5
EPSS Score
0.068
Published
2021-12-17
A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-12-17
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
CVSS Score
4.9
EPSS Score
0.004
Published
2021-12-17