Security Vulnerabilities - CVEs Published In August 2021
Adobe Dimension version 3.4 (and earlier) is affected by an Uncontrolled Search Path Element element. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.057
Published
2021-08-20
An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-08-20
An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues.
CVSS Score
6.8
EPSS Score
0.02
Published
2021-08-20
A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks.
CVSS Score
7.7
EPSS Score
0.002
Published
2021-08-20
Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.
CVSS Score
3.1
EPSS Score
0.003
Published
2021-08-20
SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address.
CVSS Score
7.7
EPSS Score
0.002
Published
2021-08-20
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.
CVSS Score
7.7
EPSS Score
0.003
Published
2021-08-20
A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.
CVSS Score
7.5
EPSS Score
0.83
Published
2021-08-20
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-20
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-20