Security Vulnerabilities - CVEs Published In July 2021
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2021-07-07
An issue was discovered in Joomla! 2.5.0 through 3.9.27. The install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL for com_installer is already limited to super users.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2021-07-07
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.022 | Published: 2021-07-07
WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2021-07-07
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allow an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2021-07-07
Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-07-07
Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2021-07-07
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2021-07-07
Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2021-07-07
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-07-07