Security Vulnerabilities - CVEs Published In September 2021
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-09-08
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0.
CVSS Score
5.5
EPSS Score
0.005
Published
2021-09-08
A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 allows an attacker to achieve privilege escalation and remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
7.2
EPSS Score
0.031
Published
2021-09-07
An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-09-07
The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-09-07
A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-09-07
A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-09-07
A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-09-07
Nextcloud server is an open source, self-hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus, knowledge of a password or access to a user's WebAuthn trusted device was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There is no workaround for this vulnerability.
CVSS Score
8.1
EPSS Score
0.003
Published
2021-09-07
Nextcloud server is an open source, self-hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option, users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed. Note that if you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-09-07

