Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-15 | CVE-2021-41148 | SQL Injection vulnerability in Enalean Tuleap 11.151/11.161 Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. | 8.8 |
| 2021-10-15 | CVE-2021-37737 | SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. | 8.8 |
| 2021-10-15 | CVE-2021-40999 | Command Injection vulnerability in Arubanetworks Clearpass Policy Manager A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. | 7.2 |
| 2021-10-14 | CVE-2021-38295 | Cross-site Scripting vulnerability in Apache Couchdb In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. | 7.3 |
| 2021-10-14 | CVE-2021-42340 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. | 7.5 |
| 2021-10-14 | CVE-2021-36388 | Authorization Bypass Through User-Controlled Key vulnerability in Yellowfinbi Yellowfin In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4". | 7.5 |
| 2021-10-14 | CVE-2021-36389 | Authorization Bypass Through User-Controlled Key vulnerability in Yellowfinbi Yellowfin In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4". | 7.5 |
| 2021-10-14 | CVE-2021-42369 | SQL Injection vulnerability in Zucchetti Imagicle UC Suite Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. | 8.8 |
| 2021-10-14 | CVE-2021-42228 | Cross-Site Request Forgery (CSRF) vulnerability in Kindsoft Kindeditor A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html. | 8.8 |
| 2021-10-14 | CVE-2021-37933 | Injection vulnerability in Huntflow Enterprise An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. | 7.5 |