Security Vulnerabilities - CVEs Published In August 2021
IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_Sta_Addr.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2021-08-31
A heap buffer overflow in the client_example1.c component of libiec_iccp_mod v1.5 leads to a denial of service (DoS).
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-08-31
VMware Workspace ONE Access and Identity Manager allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app. In addition, a malicious actor could access /cfg diagnostic endpoints without authentication.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-08-31
VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute-force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2021-08-31
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-08-31
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2021-08-31
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2021-08-31
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2021-08-31
A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user who is authorized to upload files to upload a malicious .svg file that acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator, it will trigger malicious OS commands on the server running the FileBrowser instance.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2021-08-31
detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2021-08-31

