From DHS/US-CERT’s National Vulnerability Database
CVE-2021-26804
PUBLISHED: 2021-05-04
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to “.gif”, then uploading it in the “Administration/ Parameters/ Images” section of the application.
CVE-2020-21999
PUBLISHED: 2021-05-04
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the ‘strInIP’ POST parameter in pingTest PHP script.
CVE-2020-4987
PUBLISHED: 2021-05-04
IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. …
CVE-2021-21551
PUBLISHED: 2021-05-04
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVE-2021-29477
PUBLISHED: 2021-05-04
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The p…
