Security Vulnerabilities - CVEs Published In May 2021
In multiple managed switches by WAGO in different versions, specially crafted requests can lead to cookies being transferred to third parties.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-05-13
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-05-13
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
CVSS Score
10.0
EPSS Score
0.001
Published
2021-05-13
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.
CVSS Score
9.4
EPSS Score
0.004
Published
2021-05-13
An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-05-13
TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This has no effect on the real-time functionality of IPCs.
CVSS Score
5.3
EPSS Score
0.004
Published
2021-05-13
A use-after-free and double-free are possible in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to the availability of this service.
CVSS Score
3.3
EPSS Score
0.002
Published
2021-05-13
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-05-13
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-05-13
In Hilscher rcX RTOS versions prior to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.
CVSS Score
8.6
EPSS Score
0.003
Published
2021-05-13

