Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2021-26680 Command Injection vulnerability in Arubanetworks Clearpass Policy Manager
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-77
critical
9.0
2021-02-23 CVE-2021-26679 Command Injection vulnerability in Arubanetworks Clearpass Policy Manager
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-77
critical
9.0
2021-02-22 CVE-2021-26724 OS Command Injection vulnerability in Nozominetworks Central Management Control and Guardian
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution.
network
low complexity
nozominetworks CWE-78
critical
9.0
2021-02-22 CVE-2021-26068 Injection vulnerability in Atlassian Jira
An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.
network
low complexity
atlassian CWE-74
critical
9.0
2021-02-22 CVE-2021-3120 Unrestricted Upload of File With Dangerous Type vulnerability in Yithemes Woocommerce Gift Cards
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server.
network
low complexity
yithemes CWE-434
critical
10.0
2021-02-22 CVE-2020-21224 Argument Injection OR Modification vulnerability in Inspur Clusterengine 4.0
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0.
network
low complexity
inspur CWE-88
critical
10.0
2021-02-22 CVE-2020-11170 Classic Buffer Overflow vulnerability in Qualcomm products
Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-120
critical
10.0
2021-02-22 CVE-2020-11163 Improper Validation of Array Index vulnerability in Qualcomm products
Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
network
low complexity
qualcomm CWE-129
critical
10.0
2021-02-22 CVE-2021-3149 OS Command Injection vulnerability in Netshieldcorp Nano 25 Firmware 10.2.18
On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely.
network
low complexity
netshieldcorp CWE-78
critical
9.0
2021-02-19 CVE-2020-12873 Injection vulnerability in Atlassian Alfresco Enterprise Content Management
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1.
network
low complexity
atlassian CWE-74
critical
9.0