Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2020-28906 Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root.
network
low complexity
nagios CWE-276
8.8
2021-05-24 CVE-2020-28909 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios Fusion
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts.
network
low complexity
nagios CWE-732
8.8
2021-05-24 CVE-2021-21000 Allocation of Resources Without Limits or Throttling vulnerability in Wago products
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
network
low complexity
wago CWE-770
7.5
2021-05-24 CVE-2021-24307 Deserialization of Untrusted Data vulnerability in Aioseo ALL in ONE SEO
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host.
network
low complexity
aioseo CWE-502
8.8
2021-05-24 CVE-2021-20713 Improper Privilege Management vulnerability in Qualitysoft QND 10.3I/10.4I
Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors.
local
low complexity
qualitysoft CWE-269
7.8
2021-05-24 CVE-2021-20722 Uncontrolled Search Path Element vulnerability in Fujitsu Scansnap Manager
Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.
local
low complexity
fujitsu CWE-427
7.8
2021-05-24 CVE-2021-20726 Uncontrolled Search Path Element vulnerability in Overwolf
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.
local
low complexity
overwolf CWE-427
7.8
2021-05-22 CVE-2021-1487 Unspecified vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system.
network
low complexity
cisco
8.8
2021-05-22 CVE-2021-1531 Unspecified vulnerability in Cisco Modeling Labs
A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server.
network
low complexity
cisco
8.8
2021-05-22 CVE-2021-1547 Unspecified vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
network
low complexity
cisco
7.2