Security Vulnerabilities - CVEs Published In August 2021
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.
CVSS Score: 7.2 | EPSS Score: 0.03 | Published: 2021-08-20
A use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DoS) or execute arbitrary code via a crafted pff file.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-08-19
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DoS) via a crafted file.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2021-08-19
An uncontrolled memory allocation in the DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DoS) via a crafted input.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2021-08-19
A heap-based buffer overflow exists in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub.
CVSS Score: 3.3 | EPSS Score: 0.001 | Published: 2021-08-19
A Cross-Site Request Forgery (CSRF) vulnerability in EyouCMS 1.3.6 can be used to add an htm page that executes JS code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2021-08-19
A Cross-Site Scripting (XSS) vulnerability exists in EyouCMS 1.3.6 in the basic_information area.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-08-19
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2021-08-19
WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2021-08-19
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2021-08-19

