Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-01 | CVE-2021-20864 | Unspecified vulnerability in Elecom products Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors. | 8.8 |
2021-12-01 | CVE-2021-43358 | Unspecified vulnerability in SUN Ehrd 8/9 Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | 7.5 |
2021-12-01 | CVE-2021-40809 | Server-Side Request Forgery (SSRF) vulnerability in Jamf An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. | 8.8 |
2021-11-30 | CVE-2021-36328 | SQL Injection vulnerability in Dell EMC Streaming Data Platform Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. | 8.8 |
2021-11-30 | CVE-2021-41256 | Unspecified vulnerability in Nextcloud News nextcloud news-android is an Android client for the Nextcloud news/feed reader app. | 7.1 |
2021-11-30 | CVE-2021-40101 | Incorrect Permission Assignment for Critical Resource vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS before 8.5.7. | 7.2 |
2021-11-30 | CVE-2020-7880 | Improper Input Validation vulnerability in Douzone Neors 2021.3.10.1 The vulnerability was discovered in ActiveX module related to NeoRS remote support program. | 8.8 |
2021-11-30 | CVE-2021-43283 | OS Command Injection vulnerability in Govicture Wr1200 Firmware 1.0.3 An issue was discovered on Victure WR1200 devices through 1.0.3. | 8.8 |
2021-11-30 | CVE-2021-43284 | Use of Hard-coded Credentials vulnerability in Govicture Wr1200 Firmware 1.0.3 An issue was discovered on Victure WR1200 devices through 1.0.3. | 7.8 |
2021-11-30 | CVE-2021-43296 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | 7.5 |