Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-13 | CVE-2021-44154 | Classic Buffer Overflow vulnerability in Reprisesoftware Reprise License Manager An issue was discovered in Reprise RLM 14.2. | 7.2 |
| 2021-12-13 | CVE-2018-25021 | Improper Resource Shutdown or Release vulnerability in Toktok Toxcore The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS). | 7.5 |
| 2021-12-12 | CVE-2021-41805 | Incorrect Authorization vulnerability in Hashicorp Consul HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. | 8.8 |
| 2021-12-10 | CVE-2021-41242 | Path Traversal vulnerability in Frentix Openolat OpenOlat is a web-basedlearning management system. | 8.1 |
| 2021-12-10 | CVE-2021-26340 | Unspecified vulnerability in AMD products A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). | 8.4 |
| 2021-12-10 | CVE-2021-27984 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.15 In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. | 8.1 |
| 2021-12-10 | CVE-2021-31745 | Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15 Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. | 7.5 |
| 2021-12-10 | CVE-2021-29214 | Unspecified vulnerability in HP Storeserv Management Console A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). | 7.2 |
| 2021-12-10 | CVE-2021-37935 | Information Exposure vulnerability in Huntflow Enterprise An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. | 7.5 |
| 2021-12-10 | CVE-2021-37188 | Insufficient Verification of Data Authenticity vulnerability in Digi products An issue was discovered on Digi TransPort devices through 2021-07-21. | 8.8 |