Security Vulnerabilities - CVEs Published In August 2021
Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2021-08-11
SonicWall Analytics 2.5 On-Prem is vulnerable to a Java Debug Wire Protocol (JDWP) interface security misconfiguration, which potentially leads to remote code execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2021-08-10
A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2021-08-10
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-08-10
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2021-08-10
A stored cross-site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2021-08-10
A stored cross-site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2021-08-10
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
CVSS Score: 9.1 | EPSS Score: 0.087 | Published: 2021-08-10
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-08-10
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) by converting an xfig file into ptk format.
CVSS Score: 5.5 | EPSS Score: 0.006 | Published: 2021-08-10

