Security Vulnerabilities - CVEs Published In May 2021
IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware, bypassing the host firmware signature verification process.
CVSS Score: 8.0; EPSS Score: 0.001; Published: 2021-05-26

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.
CVSS Score: 6.5; EPSS Score: 0.0; Published: 2021-05-26

COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2021-05-26

COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2021-05-26

Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
CVSS Score: 9.8; EPSS Score: 0.025; Published: 2021-05-26

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
CVSS Score: 7.5; EPSS Score: 0.0; Published: 2021-05-26

jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2021-05-26

Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula.
CVSS Score: 6.1; EPSS Score: 0.004; Published: 2021-05-26

Buffer overflow vulnerability in FFmpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
CVSS Score: 8.8; EPSS Score: 0.008; Published: 2021-05-26

CVE-2021-21985
Known exploited
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVSS Score: 9.8; EPSS Score: 0.944; Published: 2021-05-26


Shodan ® - All rights reserved