Security Vulnerabilities - CVEs Published In May 2021
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.
CVSS Score
9.8
EPSS Score
0.072
Published
2021-05-18
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-05-18
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage
CVSS Score
4.3
EPSS Score
0.001
Published
2021-05-18
Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and denial of service scenario.
CVSS Score
7.8
EPSS Score
0.006
Published
2021-05-18
A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-05-18
A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpeg image.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-05-18
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-05-18
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-05-18
Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
CVSS Score
6.5
EPSS Score
0.008
Published
2021-05-18
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVSS Score
6.5
EPSS Score
0.008
Published
2021-05-18