Security Vulnerabilities - CVEs Published In August 2021
A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM).
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-05
An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-08-05
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-08-05
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
CVSS Score
4.3
EPSS Score
0.0
Published
2021-08-05
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-05
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-08-05
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-08-05
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-05
An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-08-05
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-08-05