Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-07 CVE-2021-33903 Unspecified vulnerability in Lancom-Systems Lcos 10.42.0473
In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access.
network
low complexity
lancom-systems
8.8
2021-10-07 CVE-2021-35067 Authentication Bypass by Capture-replay vulnerability in Meross Msg100 Firmware
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).
network
low complexity
meross CWE-294
8.1
2021-10-07 CVE-2021-41794 Classic Buffer Overflow vulnerability in Open5Gs
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow.
network
low complexity
open5gs CWE-120
7.5
2021-10-07 CVE-2021-40978 Path Traversal vulnerability in Mkdocs 1.2.2
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information.
network
low complexity
mkdocs CWE-22
7.5
2021-10-07 CVE-2021-41770 XXE vulnerability in Pingidentity Pingfederate
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
network
low complexity
pingidentity CWE-611
7.5
2021-10-07 CVE-2021-42054 Out-of-bounds Read vulnerability in Accel-Ppp 1.12.0
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.
network
low complexity
accel-ppp CWE-125
7.5
2021-10-07 CVE-2021-26556 Untrusted Search Path vulnerability in Octopus Deploy
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
local
low complexity
octopus CWE-426
7.8
2021-10-07 CVE-2021-26557 Untrusted Search Path vulnerability in Octopus Tentacle
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
local
low complexity
octopus CWE-426
7.8
2021-10-06 CVE-2020-21649 Server-Side Request Forgery (SSRF) vulnerability in Myucms Project Myucms 2.2
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.
network
low complexity
myucms-project CWE-918
8.1
2021-10-06 CVE-2020-21650 Code Injection vulnerability in Myucms Project Myucms 2.2
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method.
network
low complexity
myucms-project CWE-94
8.8