Security Vulnerabilities - CVEs Published In August 2021
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2021-08-12
Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2021-08-12
Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-08-12
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
CVSS Score: 7.5 | EPSS Score: 0.089 | Published: 2021-08-12
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2021-08-12
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.
CVSS Score: 6.9 | EPSS Score: 0.004 | Published: 2021-08-12
tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a workaround users may unload the Welcome cog.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2021-08-11
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
CVSS Score: 7.2 | EPSS Score: 0.006 | Published: 2021-08-11
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
CVSS Score: 7.2 | EPSS Score: 0.015 | Published: 2021-08-11
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2021-08-11

