CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In May 2021

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-32020 2021-05-03 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.
2 CVE-2021-31996 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge().
3 CVE-2021-31164 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
4 CVE-2021-29478 190 Exec Code Overflow 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result in remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.
5 CVE-2021-29477 190 Exec Code Overflow 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result in remote code execution. The problem is fixed in versions 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the `redis-server` executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
6 CVE-2021-29369 Exec Code 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
7 CVE-2021-29242 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
8 CVE-2021-29241 DoS 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that may result in a denial of service (DoS).
9 CVE-2021-29240 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
10 CVE-2021-29239 Exec Code 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
11 CVE-2021-29238 CSRF 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
12 CVE-2021-28860 DoS 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
In Node.js mixme 0.5.0, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk, causing a potential denial of service (DoS).
13 CVE-2021-28359 XSS 2021-05-02 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).
14 CVE-2021-26804 Bypass 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
15 CVE-2021-25631 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
16 CVE-2021-25179 XSS 2021-05-05 2021-05-05
0.0
None ??? ??? ??? ??? ??? ???
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
17 CVE-2021-23383 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
18 CVE-2021-23343 DoS 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
19 CVE-2021-22547 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C to 1.0.3 or greater.
20 CVE-2021-21551 DoS 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
21 CVE-2021-21264 862 Exec Code Bypass 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode` being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having `cms.enableSafeMode` enabled, but would be a problem for anyone relying on `cms.enableSafeMode` to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 472 (v1.0.472) and v1.1.2. As a workaround, apply https://github.com/octobercms/october/commit/f63519ff1e8d375df30deba63156a2fc97aa9ee7 to your installation manually if unable to upgrade to Build 472 or v1.1.2.
22 CVE-2021-3154 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.
23 CVE-2020-36334 CSRF 2021-05-05 2021-05-05
0.0
None ??? ??? ??? ??? ??? ???
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.
24 CVE-2020-36333 2021-05-05 2021-05-05
0.0
None ??? ??? ??? ??? ??? ???
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
25 CVE-2020-35758 Bypass 2021-05-03 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is an Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access privileged functionality. As such, it's possible to directly access APIs that should not be exposed to an unauthenticated user.
26 CVE-2020-35757 +Priv 2021-05-03 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface endpoint. Requests made to this endpoint do not require authentication. As such, any unauthenticated user who is able to access the web interface will be able to gain root privileges on the LS9 module.
27 CVE-2020-35756 +Info 2021-05-03 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS command. As such, any unauthenticated person with access to port 7777 on the device will be able to leak the user's personal device configuration password by issuing the GETPASS command.
28 CVE-2020-35755 +Info 2021-05-03 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service daemon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify.
29 CVE-2020-28945 XSS 2021-05-03 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.
30 CVE-2020-27518 Exec Code 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM.
31 CVE-2020-23083 Exec Code +Priv 2021-05-03 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload".
32 CVE-2020-23015 2021-05-03 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in the login page was not filtered and can redirect the user to any website.
33 CVE-2020-22428 XSS 2021-05-05 2021-05-05
0.0
None ??? ??? ??? ??? ??? ???
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
34 CVE-2020-21999 Exec Code 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
35 CVE-2020-20247 DoS Mem. Corr. 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
MikroTik RouterOS before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service via the loop counter variable.
36 CVE-2020-20218 DoS Mem. Corr. 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
MikroTik RouterOS 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service via the loop counter variable.
37 CVE-2020-4987 XSS 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192702.
Total number of vulnerabilities : 37   Page : 1 (This Page)