Security Vulnerabilities - CVEs Published In May 2021
The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks, which allow an adversary to extract the private ECC key.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2021-05-20
Weak password encoding in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information: it does not use a random salt or IV for its AES-CBC encryption, which leaves users' encrypted passwords susceptible to dictionary attacks.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2021-05-20
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to insufficient verification of a parameter, an attacker may craft a specific parameter. A successful exploit may cause some services to become abnormal.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2021-05-20
There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service is under heavy pressure, there is a low probability that an exception may occur. A successful exploit may cause some services to become abnormal.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2021-05-20
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2021-05-20
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2021-05-20
A stack overflow in libyang <= v1.0.225 can cause a denial of service through the function lyxml_parse_mem(). The lyxml_parse_elem() function is called recursively, which consumes stack space and leads to a crash.
CVSS Score: 7.5; EPSS Score: 0.009; Published: 2021-05-20
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2021-05-20
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2021-05-20
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2021-05-20

