Security Vulnerabilities, CVEs, Published In August 2021 CVSS score >= 6
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
Max CVSS
7.5
EPSS Score
0.32%
Published
2021-08-31
Updated
2022-11-07
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
Max CVSS
6.1
EPSS Score
0.13%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
Max CVSS
9.8
EPSS Score
0.49%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
Max CVSS
6.1
EPSS Score
0.13%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
Max CVSS
9.8
EPSS Score
4.87%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
Max CVSS
8.8
EPSS Score
0.12%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
Max CVSS
8.8
EPSS Score
0.12%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
Max CVSS
8.8
EPSS Score
0.12%
Published
2021-08-29
Updated
2021-09-01
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Max CVSS
8.1
EPSS Score
0.75%
Published
2021-08-27
Updated
2023-05-30
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.
Max CVSS
9.8
EPSS Score
0.20%
Published
2021-08-26
Updated
2021-09-07
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.
Max CVSS
7.5
EPSS Score
0.21%
Published
2021-08-26
Updated
2024-04-11
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
Max CVSS
7.5
EPSS Score
0.37%
Published
2021-08-27
Updated
2022-09-03
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
Max CVSS
6.5
EPSS Score
0.11%
Published
2021-08-31
Updated
2022-06-13
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that.
Max CVSS
9.8
EPSS Score
0.54%
Published
2021-08-25
Updated
2022-07-12
Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).
Max CVSS
7.5
EPSS Score
0.19%
Published
2021-08-25
Updated
2021-08-30
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Max CVSS
10.0
EPSS Score
0.45%
Published
2021-08-23
Updated
2024-04-11
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.
Max CVSS
9.8
EPSS Score
0.45%
Published
2021-08-23
Updated
2021-08-30
D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Max CVSS
9.8
EPSS Score
0.45%
Published
2021-08-23
Updated
2024-04-11
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.
Max CVSS
9.0
EPSS Score
2.99%
Published
2021-08-23
Updated
2021-09-14
A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.
Max CVSS
6.5
EPSS Score
0.06%
Published
2021-08-23
Updated
2021-08-30
Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-08-23
Updated
2021-08-30
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
Max CVSS
9.8
EPSS Score
0.26%
Published
2021-08-24
Updated
2021-09-01
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell metacharacters.
Max CVSS
9.8
EPSS Score
0.26%
Published
2021-08-24
Updated
2021-09-01
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.
Max CVSS
8.8
EPSS Score
0.09%
Published
2021-08-24
Updated
2021-08-31
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.
Max CVSS
8.8
EPSS Score
0.09%
Published
2021-08-24
Updated
2021-09-14