Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2021-29094 Classic Buffer Overflow vulnerability in Esri Arcgis Server
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allow an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
network
low complexity
esri CWE-120
6.8
2021-03-25 CVE-2021-29093 Use After Free vulnerability in Esri Arcgis Server
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
network
low complexity
esri CWE-416
6.8
2021-03-25 CVE-2021-29010 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.
network
seopanel CWE-79
3.5
2021-03-25 CVE-2021-29009 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.
network
seopanel CWE-79
3.5
2021-03-25 CVE-2021-29008 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter.
network
seopanel CWE-79
3.5
2021-03-25 CVE-2021-27454 Improper Privilege Management vulnerability in GE Reason Dr60 Firmware
The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).
local
low complexity
ge CWE-269
4.6
2021-03-25 CVE-2021-27452 Use of Hard-coded Credentials vulnerability in GE Mu320E Firmware
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
local
low complexity
ge CWE-798
7.8
2021-03-25 CVE-2021-27450 Inadequate Encryption Strength vulnerability in GE Mu320E Firmware
The SSH server configuration file does not implement some best practices.
local
low complexity
ge CWE-326
4.6
2021-03-25 CVE-2021-27448 Improper Privilege Management vulnerability in GE Mu320E Firmware
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
local
low complexity
ge CWE-269
4.6
2021-03-25 CVE-2021-27440 Use of Hard-coded Credentials vulnerability in GE Reason Dr60 Firmware
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
network
low complexity
ge CWE-798
critical
9.8