Security Vulnerabilities - CVEs Published In August 2021
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The attack vector is: a specific DNS response packet. The code does not check the "response data length" field of individual DNS answers, which may cause out-of-bounds read/write operations, leading to Information leak, Denial-or-Service, or Remote Code Execution, depending on the context.
CVSS Score
9.8
EPSS Score
0.06
Published
2021-08-18
In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-18
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-08-18
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system.
CVSS Score
7.3
EPSS Score
0.003
Published
2021-08-18
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-18
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.024
Published
2021-08-18
A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-18
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-18
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-18
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-08-18