Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-16 | CVE-2021-27483 | Incorrect Permission Assignment for Critical Resource vulnerability in Zoll Defibrillator Dashboard ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user. | 7.8 |
| 2021-06-16 | CVE-2021-27485 | Unspecified vulnerability in Zoll Defibrillator Dashboard ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser. | 7.5 |
| 2021-06-16 | CVE-2021-20094 | Out-of-bounds Read vulnerability in multiple products A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. | 7.5 |
| 2021-06-16 | CVE-2021-27489 | Unspecified vulnerability in Zoll Defibrillator Dashboard ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. | 8.8 |
| 2021-06-16 | CVE-2021-30468 | Infinite Loop vulnerability in multiple products A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. | 7.5 |
| 2021-06-16 | CVE-2021-32612 | Cleartext Transmission of Sensitive Information vulnerability in I-Doo Veryfitpro 3.2.8 The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. | 8.1 |
| 2021-06-16 | CVE-2021-33813 | XXE vulnerability in multiple products An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | 7.5 |
| 2021-06-16 | CVE-2021-21441 | Cross-site Scripting vulnerability in Otrs There is a XSS vulnerability in the ticket overview screens. | 7.5 |
| 2021-06-15 | CVE-2021-28857 | Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | 7.5 |
| 2021-06-15 | CVE-2021-30544 | Use After Free vulnerability in multiple products Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |