Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-23 | CVE-2021-26680 | Command Injection vulnerability in Arubanetworks Clearpass Policy Manager A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. | 9.0 |
| 2021-02-23 | CVE-2021-26679 | Command Injection vulnerability in Arubanetworks Clearpass Policy Manager A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. | 9.0 |
| 2021-02-22 | CVE-2021-26724 | OS Command Injection vulnerability in Nozominetworks Central Management Control and Guardian OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. | 9.0 |
| 2021-02-22 | CVE-2021-26068 | Injection vulnerability in Atlassian Jira An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | 9.0 |
| 2021-02-22 | CVE-2021-3120 | Unrestricted Upload of File With Dangerous Type vulnerability in Yithemes Woocommerce Gift Cards An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. | 10.0 |
| 2021-02-22 | CVE-2020-21224 | Argument Injection OR Modification vulnerability in Inspur Clusterengine 4.0 A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. | 10.0 |
| 2021-02-22 | CVE-2020-11170 | Classic Buffer Overflow vulnerability in Qualcomm products Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |
| 2021-02-22 | CVE-2020-11163 | Improper Validation of Array Index vulnerability in Qualcomm products Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 10.0 |
| 2021-02-22 | CVE-2021-3149 | OS Command Injection vulnerability in Netshieldcorp Nano 25 Firmware 10.2.18 On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. | 9.0 |
| 2021-02-19 | CVE-2020-12873 | Injection vulnerability in Atlassian Alfresco Enterprise Content Management An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. | 9.0 |