Security Vulnerabilities - CVEs Published In February 2021
This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-08
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-08
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-08
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-08
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-08
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-08
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-08
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-08
This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-02-08
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.
CVSS Score
7.2
EPSS Score
0.006
Published
2021-02-08