Security Vulnerabilities - CVEs Published In July 2021
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2021-07-09
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2021-07-09
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2021-07-09
Cross-site scripting (XSS) vulnerability in PublicCMS 4.0 allows an attacker to get an admin cookie when the Administrator reviews a submitted case.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-07-09
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2021-07-09
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.
CVSS Score: 6.3 | EPSS Score: 0.003 | Published: 2021-07-09
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2021-07-09
Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2021-07-09
A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2021-07-09
A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2021-07-09

