Security Vulnerabilities - CVEs Published In August 2021
GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-08-10
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
CVSS Score
5.9
EPSS Score
0.004
Published
2021-08-10
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
CVSS Score
7.5
EPSS Score
0.022
Published
2021-08-10
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.
CVSS Score
3.7
EPSS Score
0.003
Published
2021-08-10
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-08-10
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-10
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
CVSS Score
9.8
EPSS Score
0.009
Published
2021-08-10
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information.
CVSS Score
7.6
EPSS Score
0.039
Published
2021-08-10
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
CVSS Score
8.3
EPSS Score
0.007
Published
2021-08-10
A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-08-10