Security Vulnerabilities - CVEs Published In July 2021
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
CVSS Score
8.8
EPSS Score
0.025
Published
2021-07-01
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-07-01
An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.
CVSS Score
8.8
EPSS Score
0.012
Published
2021-07-01
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-07-01
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-07-01
When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-01
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.
CVSS Score
9.8
EPSS Score
0.884
Published
2021-07-01
There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-01
There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability.
CVSS Score
9.1
EPSS Score
0.002
Published
2021-07-01
There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-07-01