Security Vulnerabilities - CVEs Published In June 2021
CVE-2021-25394
Known exploited
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
CVSS Score: 6.4
EPSS Score: 0.006
Published: 2021-06-11
Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2021-06-11
IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2021-06-11
IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.
CVSS Score: 4.0
EPSS Score: 0.0
Published: 2021-06-11
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server.
CVSS Score: 5.3
EPSS Score: 0.004
Published: 2021-06-11
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code.
CVSS Score: 8.8
EPSS Score: 0.01
Published: 2021-06-11
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-06-11
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2021-06-11
CVE-2021-26828
Known exploited
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
CVSS Score: 8.8
EPSS Score: 0.801
Published: 2021-06-11
CVE-2021-26829
Known exploited
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
CVSS Score: 5.4
EPSS Score: 0.174
Published: 2021-06-11

