Security Vulnerabilities - CVEs Published In August 2021
A buffer overflow exists in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in a ping_response.cgi POST request allows an attacker to crash the webserver and possibly gain remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.034 | Published: 2021-08-06
index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-08-06
index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-08-06
index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2021-08-06
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with a restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2021-08-06
Multiple improper neutralization of input during web page generation (CWE-79) issues in the user interface of FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting (XSS) attack by injecting a malicious payload in GET parameters.
CVSS Score: 4.6 | EPSS Score: 0.002 | Published: 2021-08-06
A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-08-05
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to a timing attack if enabled. The highest threat of this vulnerability is to confidentiality.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2021-08-05
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2021-08-05
An Unprotected Transport of Credentials vulnerability in the SiteManager provisioning service allows a local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
CVSS Score: 8.0 | EPSS Score: 0.0 | Published: 2021-08-05

