Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2021-28911 Incorrect Authorization vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers to access the /tmp path, which contains some sensitive data (e.g.
network
low complexity
bab-technologie CWE-863
critical
10.0
2021-09-09 CVE-2021-28912 Weak Password Requirements vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3.
network
low complexity
bab-technologie CWE-521
critical
9.0
2021-09-09 CVE-2021-28913 Missing Authentication for Critical Function vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers to access /webif/SecurityModule to validate the so-called, hard-coded unique 'eibPort String', which acts as the root SSH key passphrase.
network
low complexity
bab-technologie CWE-306
critical
10.0
2021-09-09 CVE-2021-39296 Improper Authentication vulnerability in Openbmc-Project Openbmc 2.9.0
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.
network
low complexity
openbmc-project CWE-287
critical
10.0
2021-09-09 CVE-2021-39459 OS Command Injection vulnerability in Redaxo 5.12.1
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
network
low complexity
redaxo CWE-78
critical
9.0
2021-09-09 CVE-2021-40222 OS Command Injection vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704
Rittal CMC PU III Web management Version affected: V3.11.00_2.
network
low complexity
rittal CWE-78
critical
9.0
2021-09-09 CVE-2021-1933 Improper Validation of Array Index vulnerability in Qualcomm products
UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
network
low complexity
qualcomm CWE-129
critical
10.0
2021-09-09 CVE-2021-1946 NULL Pointer Dereference vulnerability in Qualcomm products
Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
network
low complexity
qualcomm CWE-476
critical
10.0
2021-09-08 CVE-2020-19138 Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allows remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
network
low complexity
dotcms CWE-434
critical
10.0
2021-09-08 CVE-2021-21103 Access of Memory Location After End of Buffer vulnerability in Adobe Illustrator
Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file.
network
adobe CWE-788
critical
9.3