Security Vulnerabilities - CVEs Published In May 2021
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-05-27
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
CVSS Score
8.8
EPSS Score
0.01
Published
2021-05-27
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-05-27
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-05-27
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-05-27
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.
CVSS Score
6.5
EPSS Score
0.01
Published
2021-05-27
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-05-27
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions.
CVSS Score
8.8
EPSS Score
0.022
Published
2021-05-27
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-05-27
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-05-27