Security Vulnerabilities - CVEs Published In August 2021
A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score: 8.1, EPSS Score: 0.031, Published: 2021-08-13
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score: 8.1, EPSS Score: 0.031, Published: 2021-08-13
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.
CVSS Score: 9.8, EPSS Score: 0.001, Published: 2021-08-13
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
CVSS Score: 7.5, EPSS Score: 0.003, Published: 2021-08-13
An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.
CVSS Score: 7.5, EPSS Score: 0.003, Published: 2021-08-13
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DoS) via a crafted packet.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2021-08-13
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.
CVSS Score: 9.8, EPSS Score: 0.012, Published: 2021-08-13
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2021-08-13
The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it triggers a code path that will download a configuration file from a specified remote machine over HTTP. There is an XXE flaw in processing of this configuration file that allows reading local (to macOS) files and uploading them to remote machines.
CVSS Score: 9.1, EPSS Score: 0.012, Published: 2021-08-13
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.
CVSS Score: 5.4, EPSS Score: 0.003, Published: 2021-08-13

