Security Vulnerabilities - CVEs Published In July 2021
Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
7.5
EPSS Score
0.007
Published
2021-07-15
A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DoS) attacks.
CVSS Score
9.8
EPSS Score
0.023
Published
2021-07-14
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-07-14
CVE-2021-35211
Known exploited
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
CVSS Score
9.0
EPSS Score
0.941
Published
2021-07-14
A SQL injection vulnerability exists in the search page of Subrion CMS v4.2.1 if a website uses a PDO connection.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-07-14
An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-07-14
A cross-site request forgery (CSRF) vulnerability in ThinkCMF v5.1.0 can be used to add an admin account.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-07-14
An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif ESP32 via a malformed beacon CSA frame. The device requires a reboot to recover.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-07-14
A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wireless router using BCM4352 and BCM43684 will be affected, such as ASUS AX6100. An attacker may cause a Denial of Service (DoS) to any device connected to BCM4352 or BCM43684 routers via an association or reassociation frame.
CVSS Score
4.6
EPSS Score
0.001
Published
2021-07-14
Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.014
Published
2021-07-14

