Security Vulnerabilities - CVEs Published In June 2021
The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-06-02
The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases.
CVSS Score
7.5
EPSS Score
0.013
Published
2021-06-02
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
CVSS Score
9.8
EPSS Score
0.002
Published
2021-06-02
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.
CVSS Score
7.1
EPSS Score
0.002
Published
2021-06-02
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-02
A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service.
CVSS Score
5.6
EPSS Score
0.001
Published
2021-06-02
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
CVSS Score
6.5
EPSS Score
0.009
Published
2021-06-02
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
CVSS Score
6.5
EPSS Score
0.009
Published
2021-06-02
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
CVSS Score
6.5
EPSS Score
0.016
Published
2021-06-02
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-06-02