Security Vulnerabilities - CVEs Published In June 2021
PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless."
CVSS Score
5.3
EPSS Score
0.001
Published
2021-06-28
Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues. In the user.php file, HTML entity encoding can be used to bypass the security policy of the safety.php file, triggering the XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-28
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file that is executed as a privileged user.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-28
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-06-28
Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download.
CVSS Score
8.6
EPSS Score
0.006
Published
2021-06-28
Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-06-28
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-06-28
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds. An authenticated user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-06-28
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and cause the server to crash. IBM X-Force ID: 199247.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-06-28
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and cause the server to crash. IBM X-Force ID: 199249.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-06-28

