Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-07 | CVE-2020-7877 | Classic Buffer Overflow vulnerability in Mastersoft Zook Agent and Zook Viewer. A buffer overflow issue was discovered in ZOOK solution (remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. | 8.8 |
2021-09-07 | CVE-2021-37218 | Improper Certificate Validation vulnerability in HashiCorp Nomad. HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. | 8.8 |
2021-09-07 | CVE-2021-37219 | Improper Certificate Validation vulnerability in HashiCorp Consul. HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. | 8.8 |
2021-09-07 | CVE-2021-38615 | Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1. In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. | 8.1 |
2021-09-07 | CVE-2021-38616 | Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1. In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. | 8.8 |
2021-09-07 | CVE-2021-38617 | Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1. In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. | 8.8 |
2021-09-07 | CVE-2021-36162 | Unspecified vulnerability in Apache Dubbo. Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). | 8.8 |
2021-09-07 | CVE-2021-28139 | Unspecified vulnerability in Espressif ESP-IDF. The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload. | 8.8 |
2021-09-07 | CVE-2021-38841 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Water Refilling Station Management System Project Simple Water Refilling Station Management System 1.0. Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. | 8.8 |
2021-09-07 | CVE-2021-39279 | OS Command Injection vulnerability in Moxa products. Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. | 8.8 |