Security Vulnerabilities - CVEs Published In August 2021
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2021-08-10
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2021-08-10
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2021-08-10
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator.
CVSS Score: 8.1; EPSS Score: 0.004; Published: 2021-08-10
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.
CVSS Score: 5.5; EPSS Score: 0.006; Published: 2021-08-10
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
CVSS Score: 5.5; EPSS Score: 0.005; Published: 2021-08-10
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.
CVSS Score: 3.8; EPSS Score: 0.001; Published: 2021-08-10
Under certain conditions, NetWeaver Enterprise Portal, versions 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in a Reflected Cross-Site Scripting (XSS) vulnerability.
CVSS Score: 8.3; EPSS Score: 0.007; Published: 2021-08-10
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
CVSS Score: 4.3; EPSS Score: 0.004; Published: 2021-08-10
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity.
CVSS Score: 6.1; EPSS Score: 0.006; Published: 2021-08-10