Security Vulnerabilities - CVEs Published In August 2021
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2021-08-11
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2021-08-11
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2021-08-11
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-08-11
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2021-08-11
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify fields that are shown in the front end. Update to Contao 4.4.56, 4.9.18 or 4.11.7 to resolve the issue. If you cannot update, disable the login for untrusted back end users.
CVSS Score: 7.2 | EPSS Score: 0.008 | Published: 2021-08-11
Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users are advised to update to Contao 4.4.56, 4.9.18 or 4.11.7. As a workaround, users may disable the form generator or disable the login for untrusted back end users.
CVSS Score: 8.0 | EPSS Score: 0.005 | Published: 2021-08-11
tmerc-cogs is a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. The issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are advised to update to the current commit. As a workaround, users may unload the MassDM cog or globally disable the `[p]massdm` command.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2021-08-11
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2021-08-11
NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2021-08-11


Shodan ® - All rights reserved