Security Vulnerabilities - CVEs Published In June 2021
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage.
CVSS Score
3.3
EPSS Score
0.0
Published
2021-06-03
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVSS Score
5.3
EPSS Score
0.01
Published
2021-06-03
IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 195712.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-06-03
An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-06-03
The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note that an attacker must already have local user privileges and access on the machine to exploit this vulnerability.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-03
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get a webshell.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-06-03
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-06-03
When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later), causing a denial-of-service condition.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-06-03
Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-06-03
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.
CVSS Score
9.8
EPSS Score
0.069
Published
2021-06-03

