Fresh IT Vulnerabilities @vulnbot@schleuss.online

#introductions This bot is posting IT vulnerabilities from all over the web - usually refreshes every few minutes with new stories. If you would like to see more sites included, write to the maintainer @emanuel - you might also be interested in @itsecbot

[webapps] Moodle 3.9 - Remote Code Execution (RCE) (Authenticated) - Moodle 3.9 - Remote Code Execution (RCE) (Authenticated) - https://www.exploit-db.com/exploits/50180

[webapps] GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated) - GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated) - https://www.exploit-db.com/exploits/50181

[webapps] CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated) - CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated) - https://www.exploit-db.com/exploits/50179

CVE-2021-36803 - Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scrip... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36803

CVE-2021-36802 - Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is trigg... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36802

CVE-2021-36805 - Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scrip... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36805

CVE-2021-3539 - EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vu... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3539

CVE-2021-36804 - Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36804

CVE-2021-36801 - Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the u... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36801

CVE-2021-36800 - Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36800

CVE-2021-31869 - Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the s... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31869

CVE-2021-31867 - Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based bl... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31867

CVE-2020-22352 - The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denia... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22352

CVE-2021-38115 - read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows r... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38115

CVE-2021-38114 - libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc funct... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38114

CVE-2020-24829 - An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-bas... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24829

CVE-2021-32464 - An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32464

CVE-2021-20028 - ** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL I... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20028

CVE-2021-24014 - Multiple instances of improper neutralization of input during web page generation vulnera... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24014

CVE-2021-38113 - In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inser... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38113