Security Vulnerabilities - CVEs Published In August 2021
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.
CVSS Score
7.2
EPSS Score
0.142
Published
2021-08-23
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.
CVSS Score
5.4
EPSS Score
0.006
Published
2021-08-23
A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-23
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
CVSS Score
7.5
EPSS Score
0.007
Published
2021-08-23
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-08-23
NVCaffe's python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-08-23
A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-23
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-23
There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-23
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers
CVSS Score
6.5
EPSS Score
0.003
Published
2021-08-23