Security Vulnerabilities - CVEs Published In July 2021
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-07-19
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.
CVSS Score
9.6
EPSS Score
0.125
Published
2021-07-19
The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks.
CVSS Score
9.8
EPSS Score
0.021
Published
2021-07-19
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content.
CVSS Score
7.3
EPSS Score
0.007
Published
2021-07-19
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
CVSS Score
9.8
EPSS Score
0.018
Published
2021-07-19
The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-19
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-07-19
The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-07-19
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
CVSS Score
6.1
EPSS Score
0.058
Published
2021-07-19
The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard
CVSS Score
5.3
EPSS Score
0.003
Published
2021-07-19