Security Vulnerabilities - CVEs Published In June 2021
BloofoxCMS 0.5.2.1 has an Unrestricted File Upload vulnerability: MIME type validation can be bypassed by inserting 'image/jpeg' in the 'Content-Type' header.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2021-06-04

BloofoxCMS 0.5.2.1 is vulnerable to directory traversal via '../' payloads in the 'fileurl' parameter.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2021-06-04

Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2021-06-04

Lasso, in all versions prior to 2.7.0, has improper verification of a cryptographic signature.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2021-06-04

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-06-04

aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2021-06-04

A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way handshake.
CVSS Score: 8.0 | EPSS Score: 0.004 | Published: 2021-06-04

An Insertion of Sensitive Information into Log File vulnerability exists in the Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being written to a log file.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-06-04

A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way handshake.
CVSS Score: 8.0 | EPSS Score: 0.01 | Published: 2021-06-04

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2021-06-04

Shodan ® - All rights reserved