Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-04 | CVE-2021-40112 | Unspecified vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory. | 7.5 |
| 2021-11-04 | CVE-2021-40120 | OS Command Injection vulnerability in Cisco Application Extension Platform and IOS XR A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. | 7.2 |
| 2021-11-04 | CVE-2021-40124 | Improper Privilege Management vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. | 7.8 |
| 2021-11-04 | CVE-2021-42624 | Classic Buffer Overflow vulnerability in Miniftpd Project Miniftpd A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function. | 7.8 |
| 2021-11-03 | CVE-2020-28416 | Unspecified vulnerability in HP products HP has identified a security vulnerability with the I.R.I.S. | 7.8 |
| 2021-11-03 | CVE-2020-6931 | Unspecified vulnerability in HP Print and Scan Doctor 5.7.2.014 HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege. | 7.8 |
| 2021-11-03 | CVE-2021-33800 | Path Traversal vulnerability in Alibaba Druid 1.2.3 In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | 7.5 |
| 2021-11-03 | CVE-2021-35053 | Unspecified vulnerability in Kaspersky Endpoint Security 11.1.0/11.6.0 Possible system denial of service in case of arbitrary changing Firefox browser parameters. | 7.5 |
| 2021-11-03 | CVE-2021-38416 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. | 7.8 |
| 2021-11-03 | CVE-2021-38420 | Incorrect Default Permissions vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | 7.8 |