Security Vulnerabilities - CVEs Published In May 2021
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918.
CVSS Score
3.1
EPSS Score
0.002
Published
2021-05-21
Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/WorkSpaceClientEnqueueAction.java) REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in version 6.5.0. As a workaround, one can disable network access to Emissary from untrusted sources.
CVSS Score
7.2
EPSS Score
0.031
Published
2021-05-21
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights, they will be able to use unsafe plugins to upload a backup file and control the server.
CVSS Score
7.2
EPSS Score
0.004
Published
2021-05-21
An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file on the server should they gain Administrator privileges.
CVSS Score
6.5
EPSS Score
0.015
Published
2021-05-21
An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail addresses and telephone numbers.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-05-21
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
CVSS Score
9.1
EPSS Score
0.004
Published
2021-05-21
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
CVSS Score
9.1
EPSS Score
0.003
Published
2021-05-21
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
CVSS Score
9.8
EPSS Score
0.004
Published
2021-05-21
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
CVSS Score
9.1
EPSS Score
0.002
Published
2021-05-21
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
CVSS Score
9.1
EPSS Score
0.001
Published
2021-05-21