Security Vulnerabilities - CVEs Published In August 2021
The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.
CVSS Score
9.8
EPSS Score
0.089
Published
2021-08-24
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0.
CVSS Score
9.8
EPSS Score
0.059
Published
2021-08-24
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge().
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-24
All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-24
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-08-24
All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-08-24
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
CVSS Score
8.1
EPSS Score
0.01
Published
2021-08-24
A Buffer Overflow vulnerability exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-08-23
Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-23
Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
3.3
EPSS Score
0.031
Published
2021-08-23

