Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-07 | CVE-2021-33903 | Unspecified vulnerability in Lancom-Systems Lcos 10.42.0473 In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. | 8.8 |
2021-10-07 | CVE-2021-35067 | Authentication Bypass by Capture-replay vulnerability in Meross Msg100 Firmware Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). | 8.1 |
2021-10-07 | CVE-2021-41794 | Classic Buffer Overflow vulnerability in Open5Gs ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. | 7.5 |
2021-10-07 | CVE-2021-40978 | Path Traversal vulnerability in Mkdocs 1.2.2 The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. | 7.5 |
2021-10-07 | CVE-2021-41770 | XXE vulnerability in Pingidentity Pingfederate Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. | 7.5 |
2021-10-07 | CVE-2021-42054 | Out-of-bounds Read vulnerability in Accel-Ppp 1.12.0 ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication. | 7.5 |
2021-10-07 | CVE-2021-26556 | Untrusted Search Path vulnerability in Octopus Deploy When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | 7.8 |
2021-10-07 | CVE-2021-26557 | Untrusted Search Path vulnerability in Octopus Tentacle When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | 7.8 |
2021-10-06 | CVE-2020-21649 | Server-Side Request Forgery (SSRF) vulnerability in Myucms Project Myucms 2.2 Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. | 8.1 |
2021-10-06 | CVE-2020-21650 | Code Injection vulnerability in Myucms Project Myucms 2.2 Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | 8.8 |