Security Vulnerabilities - CVEs Published In August 2021
Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10) orders\orders.php, 11) payment_methods\payment_methods.php, 12) products\products.php, 13) profiles\profiles.php, 14) shipping_methods\shipping_methods.php, 15) templates\templates.php, 16) users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php, and 19) webusers\webusers.php because the initial_url function is built in these files.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-06
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-08-06
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-08-06
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-08-06
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-08-06
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role.
CVSS Score
8.1
EPSS Score
0.002
Published
2021-08-06
In JetBrains TeamCity before 2020.2.3, XSS was possible.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-08-06
In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-08-06
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-08-06
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-08-06