Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-09-07 | CVE-2021-37219 | Improper Certificate Validation vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. | network | low complexity | hashicorp | CWE-295 | 8.8 |
| 2021-09-07 | CVE-2021-38615 | Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. | network | low complexity | eigentech | | 8.1 |
| 2021-09-07 | CVE-2021-38616 | Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. | network | low complexity | eigentech | | 8.8 |
| 2021-09-07 | CVE-2021-38617 | Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. | network | low complexity | eigentech | | 8.8 |
| 2021-09-07 | CVE-2021-36162 | Unspecified vulnerability in Apache Dubbo | Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). | network | low complexity | apache | | 8.8 |
| 2021-09-07 | CVE-2021-28139 | Unspecified vulnerability in Espressif Esp-Idf | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload. | | low complexity | espressif | | 8.8 |
| 2021-09-07 | CVE-2021-38841 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Water Refilling Station Management System Project Simple Water Refilling Station Management System 1.0 | Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. | | | | | 8.8 |
| 2021-09-07 | CVE-2021-39279 | OS Command Injection vulnerability in Moxa products | Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. | network | low complexity | moxa | CWE-78 | 8.8 |
| 2021-09-07 | CVE-2021-33484 | Use of Hard-coded Credentials vulnerability in Onyaktech Comments PRO Project Onyaktech Comments PRO 3.8 | An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. | network | low complexity | onyaktech-comments-pro-project | CWE-798 | 7.5 |
| 2021-09-06 | CVE-2021-24006 | Unspecified vulnerability in Fortinet Fortimanager | An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. | network | low complexity | fortinet | | 8.8 |