Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-19 | CVE-2021-40690 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. | 7.5 |
2021-09-19 | CVE-2021-41073 | Release of Invalid Pointer or Reference vulnerability in multiple products. loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. | 7.8 |
2021-09-17 | CVE-2020-21547 | Out-of-bounds Write vulnerability in Libsixel Project Libsixel 1.8.2. Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. | 8.8 |
2021-09-17 | CVE-2020-21548 | Out-of-bounds Write vulnerability in Libsixel Project Libsixel 1.8.3. Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. | 8.8 |
2021-09-17 | CVE-2021-41387 | Untrusted Search Path vulnerability in Seatd Project Seatd. seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | 8.8 |
2021-09-17 | CVE-2021-41390 | Injection vulnerability in Ericsson Enterprise Content Management 18.0. In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. | 8.0 |
2021-09-17 | CVE-2021-41383 | Command Injection vulnerability in Netgear R6020 Firmware 1.0.0.48. setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. | 7.2 |
2021-09-17 | CVE-2021-38402 | Unspecified vulnerability in Deltaww Dopsoft 2.00.07. Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. | 7.8 |
2021-09-17 | CVE-2021-38404 | Unspecified vulnerability in Deltaww Dopsoft 2.00.07. Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. | 7.8 |
2021-09-17 | CVE-2021-38406 | Out-of-bounds Write vulnerability in Deltaww Dopsoft 2.00.07. Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. | 7.8 |