Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2021-20557 OS Command Injection vulnerability in IBM Security Guardium 11.2
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
7.2
2021-05-24 CVE-2020-28905 Code Injection vulnerability in Nagios Fusion
Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.
network
low complexity
nagios CWE-94
8.8
2021-05-24 CVE-2020-28906 Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root.
network
low complexity
nagios CWE-276
8.8
2021-05-24 CVE-2020-28909 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios Fusion
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts.
network
low complexity
nagios CWE-732
8.8
2021-05-24 CVE-2021-21000 Allocation of Resources Without Limits or Throttling vulnerability in Wago products
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
network
low complexity
wago CWE-770
7.5
2021-05-24 CVE-2021-24307 Deserialization of Untrusted Data vulnerability in Aioseo ALL in ONE SEO
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host.
network
low complexity
aioseo CWE-502
8.8
2021-05-24 CVE-2021-20713 Improper Privilege Management vulnerability in Qualitysoft QND 10.3I/10.4I
Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors.
local
low complexity
qualitysoft CWE-269
7.8
2021-05-24 CVE-2021-20722 Uncontrolled Search Path Element vulnerability in Fujitsu Scansnap Manager
Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.
local
low complexity
fujitsu CWE-427
7.8
2021-05-24 CVE-2021-20726 Uncontrolled Search Path Element vulnerability in Overwolf
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.
local
low complexity
overwolf CWE-427
7.8
2021-05-22 CVE-2021-1487 Unspecified vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system.
network
low complexity
cisco
8.8