Security Vulnerabilities - CVEs Published In June 2021
Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-06-07
Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-06-07
Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-06-07
An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-07
An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-07
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.
CVSS Score
6.5
EPSS Score
0.0
Published
2021-06-07
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member".
CVSS Score
8.8
EPSS Score
0.004
Published
2021-06-07
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".
CVSS Score
8.8
EPSS Score
0.004
Published
2021-06-07
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."
CVSS Score
6.1
EPSS Score
0.092
Published
2021-06-07
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.
CVSS Score
5.3
EPSS Score
0.004
Published
2021-06-07