Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-13 CVE-2021-20795 Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9
Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and perform unintended operations via unspecified vectors.
network
low complexity
cybozu CWE-352
8.8
2021-10-13 CVE-2021-20831 Cross-Site Request Forgery (CSRF) vulnerability in OG Tags Project OG Tags
Cross-site request forgery (CSRF) vulnerability in OG Tags versions prior to 2.0.2 allows a remote attacker to hijack the authentication of administrators and perform unintended operations via unspecified vectors.
network
low complexity
og-tags-project CWE-352
8.8
2021-10-13 CVE-2021-20833 Improper Certificate Validation vulnerability in Soda-Inc Snkrdunk
The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not properly verify the server certificate, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted communication via a crafted certificate.
network
high complexity
soda-inc CWE-295
7.4
2021-10-12 CVE-2021-3321 Integer Underflow (Wrap or Wraparound) vulnerability in Zephyrproject Zephyr 2.4.0
Integer underflow in Zephyr in IEEE 802.15.4 fragment reassembly header removal.
low complexity
zephyrproject CWE-191
8.8
2021-10-12 CVE-2021-3330 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.4.0
RCE/DoS: Linked-list corruption leading to a large out-of-bounds write while sorting a forged fragment list in Zephyr.
low complexity
zephyrproject CWE-787
8.8
2021-10-12 CVE-2021-29645 Unspecified vulnerability in Hitachi products
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability.
local
low complexity
hitachi
7.8
2021-10-12 CVE-2021-38862 Inadequate Encryption Strength vulnerability in IBM Data Risk Manager 2.0.6
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2021-10-12 CVE-2021-39184 Missing Authorization vulnerability in Electronjs Electron
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS.
network
low complexity
electronjs CWE-862
8.6
2021-10-12 CVE-2021-35495 Unspecified vulnerability in Tibco Jasperreports Server
The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system.
network
low complexity
tibco
8.8
2021-10-12 CVE-2021-35496 XXE vulnerability in Tibco Jasperreports Server
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult-to-exploit vulnerability that allows a low-privileged attacker with network access to interfere with XML processing in the affected component.
network
high complexity
tibco CWE-611
7.5