Security Vulnerabilities - CVEs Published In July 2021
A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-07-17
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
CVSS Score
8.2
EPSS Score
0.004
Published
2021-07-16
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVSS Score
7.0
EPSS Score
0.003
Published
2021-07-16
Microsoft Defender Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.011
Published
2021-07-16
Windows Hello Security Feature Bypass Vulnerability
CVSS Score
5.7
EPSS Score
0.003
Published
2021-07-16
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS Score
7.1
EPSS Score
0.018
Published
2021-07-16
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p><strong>UPDATE</strong> August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see <a href="https://support.microsoft.com/help/5005652">KB5005652</a>.</p>
CVSS Score
8.8
EPSS Score
0.304
Published
2021-07-16
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-07-16
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
CVSS Score
6.8
EPSS Score
0.0
Published
2021-07-16
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-07-16