Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-15 CVE-2021-41148 SQL Injection vulnerability in Enalean Tuleap 11.151/11.161
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments.
network
low complexity
enalean CWE-89
8.8
2021-10-15 CVE-2021-37737 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1.
network
low complexity
arubanetworks CWE-89
8.8
2021-10-15 CVE-2021-40999 Command Injection vulnerability in Arubanetworks Clearpass Policy Manager
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1.
network
low complexity
arubanetworks CWE-77
7.2
2021-10-14 CVE-2021-38295 Cross-site Scripting vulnerability in Apache Couchdb
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document.
local
low complexity
apache CWE-79
7.3
2021-10-14 CVE-2021-42340 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak.
network
low complexity
apache netapp debian oracle CWE-772
7.5
2021-10-14 CVE-2021-36388 Authorization Bypass Through User-Controlled Key vulnerability in Yellowfinbi Yellowfin
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
network
low complexity
yellowfinbi CWE-639
7.5
2021-10-14 CVE-2021-36389 Authorization Bypass Through User-Controlled Key vulnerability in Yellowfinbi Yellowfin
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".
network
low complexity
yellowfinbi CWE-639
7.5
2021-10-14 CVE-2021-42369 SQL Injection vulnerability in Zucchetti Imagicle UC Suite
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection.
network
low complexity
zucchetti CWE-89
8.8
2021-10-14 CVE-2021-42228 Cross-Site Request Forgery (CSRF) vulnerability in Kindsoft Kindeditor
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
network
low complexity
kindsoft CWE-352
8.8
2021-10-14 CVE-2021-37933 Injection vulnerability in Huntflow Enterprise
An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication.
network
low complexity
huntflow CWE-74
7.5