Security Vulnerabilities - CVEs Published In August 2021
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-23
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS Score
5.9
EPSS Score
0.003
Published
2021-08-22
An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode() is inserted into the DOM as HTML, resulting in full control over the user's browser by these servers.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-22
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS Score
5.9
EPSS Score
0.003
Published
2021-08-22
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS Score
5.9
EPSS Score
0.003
Published
2021-08-22
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS Score
5.9
EPSS Score
0.004
Published
2021-08-22
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-08-22
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
CVSS Score
9.8
EPSS Score
0.002
Published
2021-08-21
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.1
EPSS Score
0.005
Published
2021-08-20
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.1
EPSS Score
0.005
Published
2021-08-20