Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2021-38723 | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.0 FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items | 8.8 |
| 2021-09-09 | CVE-2021-3761 | Out-of-bounds Write vulnerability in multiple products Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. | 7.5 |
| 2021-09-09 | CVE-2021-28498 | Insufficiently Protected Credentials vulnerability in Arista Metamako Operating System In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. | 7.8 |
| 2021-09-09 | CVE-2021-28493 | Improper Authentication vulnerability in Arista Metamako Operating System In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. | 7.8 |
| 2021-09-09 | CVE-2021-28494 | Improper Authentication vulnerability in Arista Metamako Operating System In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. | 8.8 |
| 2021-09-09 | CVE-2021-28497 | Unspecified vulnerability in Arista Metamako Operating System In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. | 7.8 |
| 2021-09-09 | CVE-2020-7874 | Download of Code Without Integrity Check vulnerability in Tobesoft Nexacro 14.0.0.0 Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. | 8.8 |
| 2021-09-09 | CVE-2021-26603 | Out-of-bounds Write vulnerability in Bandisoft ARK Library A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. | 7.8 |
| 2021-09-09 | CVE-2021-39459 | OS Command Injection vulnerability in Redaxo 5.12.1 Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. | 7.2 |
| 2021-09-09 | CVE-2021-40222 | OS Command Injection vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704 Rittal CMC PU III Web management Version affected: V3.11.00_2. | 7.2 |