Security Vulnerabilities - CVEs Published In July 2021
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
CVSS Score
7.5
EPSS Score
0.056
Published
2021-07-22
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-07-22
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.
CVSS Score
8.8
EPSS Score
0.242
Published
2021-07-22
Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control.
CVSS Score
8.8
EPSS Score
0.201
Published
2021-07-22
Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in the WESPDiscovery.WESPDiscoveryCtrl.1 control.
CVSS Score
8.8
EPSS Score
0.027
Published
2021-07-22
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-22
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-07-22
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-07-22
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-22
SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-07-22