Security Vulnerabilities - CVEs Published In August 2021
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2021-08-06
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-08-06
In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069, contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.
CVSS Score: 9.8 | EPSS Score: 0.131 | Published: 2021-08-06
In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD, contains a trivial command injection where the value of the command parameter is passed directly to system.
CVSS Score: 9.8 | EPSS Score: 0.131 | Published: 2021-08-06
In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff, contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.
CVSS Score: 9.8 | EPSS Score: 0.131 | Published: 2021-08-06
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-08-06
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2021-08-06
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2021-08-06
A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2021-08-06
Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information, such as photos, through CSRF. For example, any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Here, the code in [1] is a random string generated according to the user's login-related information. It can protect the user's identity, but it cannot effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out a CSRF attack on the system by modifying [2] without modifying [1].
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2021-08-06