Security Vulnerabilities - CVEs Published In July 2021
There is an invalid memory access bug in cgif.c that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-07-21
There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-07-21
An integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio (aka MAT File I/O Library) 1.5.17 allows attackers to cause a Denial of Service or possibly other unspecified impacts.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-07-21
A floating point exception in function Fraction in libheif 1.4.0 allows attackers to cause a Denial of Service or possibly other unspecified impacts.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-07-21
An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0 that allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-07-21
Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. The issue is patched in Collabora Online 6.4.9-5. Collabora Online 4.2 is not affected.
CVSS Score
7.3
EPSS Score
0.002
Published
2021-07-21
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
CVSS Score
7.2
EPSS Score
0.004
Published
2021-07-21
An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local user) on any device that tries to connect to a WePresent presentation system.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-07-21
An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-07-21
An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-07-21

