Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-29 CVE-2021-41874 Unspecified vulnerability in Portainer
An unauthorized access vulnerability exists in all versions of Portainer, which could let a malicious user obtain sensitive information.
network
low complexity
portainer
7.5
2021-10-29 CVE-2021-41645 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Budget and Expense Tracker System 1.0
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field.
network
low complexity
oretnom23 CWE-434
8.8
2021-10-29 CVE-2021-41675 Unrestricted Upload of File with Dangerous Type vulnerability in E-Negosyo System Project E-Negosyo System 1.0
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei.
network
low complexity
e-negosyo-system-project CWE-434
7.2
2021-10-29 CVE-2021-41186 Unspecified vulnerability in Fluentd
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure.
network
low complexity
fluentd
7.5
2021-10-29 CVE-2021-22037 Uncontrolled Search Path Element vulnerability in VMWare Installbuilder
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command.
local
low complexity
vmware CWE-427
7.8
2021-10-29 CVE-2021-22038 Use of Insufficiently Random Values vulnerability in VMWare Installbuilder
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory).
network
low complexity
vmware CWE-330
8.8
2021-10-29 CVE-2021-31624 Classic Buffer Overflow vulnerability in Tendacn AC9 Firmware
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.
low complexity
tendacn CWE-120
8.8
2021-10-29 CVE-2021-31627 Classic Buffer Overflow vulnerability in Tendacn AC9 Firmware
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.
low complexity
tendacn CWE-120
8.8
2021-10-29 CVE-2021-25742 A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
network
low complexity
kubernetes netapp
7.1
2021-10-28 CVE-2020-23546 Unspecified vulnerability in Irfanview 4.54
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981."
local
low complexity
irfanview
7.8