Security Vulnerabilities - CVEs Published In April 2021
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.
CVSS Score: 7.8
EPSS Score: 0.015
Published: 2021-04-19
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.
CVSS Score: 6.0
EPSS Score: 0.002
Published: 2021-04-19
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.
CVSS Score: 7.8
EPSS Score: 0.007
Published: 2021-04-19
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2021-04-19
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX's Review causing it to run arbitrary code on the system.
CVSS Score: 7.8
EPSS Score: 0.493
Published: 2021-04-19
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2021-04-19
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include JavaScript that will execute when the recipient views the messages page.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2021-04-19
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2021-04-19
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (role-based access control) role assignment. Successful exploitation of this issue may allow attackers with a local guest user account to assign privileges higher than their own permission level.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2021-04-19
Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using a DNS spoofing attack, and a device-initiated remote port-forward channel can then be used to connect to the web management interface. Knowledge of authorization credentials for the management interface is required to perform any further actions.
CVSS Score: 5.9
EPSS Score: 0.008
Published: 2021-04-19
Shodan ® - All rights reserved