Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-01 | CVE-2021-24717 | Incorrect Authorization vulnerability in Automatorwp: The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions. | 8.8 |
2021-11-01 | CVE-2021-24809 | Cross-Site Request Forgery (CSRF) vulnerability in Wordplus Better Messages: The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. | 8.8 |
2021-11-01 | CVE-2021-40348 | Code Injection vulnerability in multiple products: Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. | 8.8 |
2021-11-01 | CVE-2021-42574 | Code Injection vulnerability in multiple products: An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. | 8.3 |
2021-11-01 | CVE-2021-42694 | Unspecified vulnerability in Unicode: An issue was discovered in the character definitions of the Unicode Specification through 14.0. | 8.3 |
2021-11-01 | CVE-2021-20838 | XXE vulnerability in Antennahouse Office Server Document Converter: Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document. | 7.5 |
2021-10-30 | CVE-2021-36808 | Race Condition vulnerability in Sophos Secure Workspace: A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. | 7.0 |
2021-10-29 | CVE-2021-1118 | Improper Privilege Management vulnerability in Nvidia Virtual GPU: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service. | 7.8 |
2021-10-29 | CVE-2021-1119 | Double Free vulnerability in Nvidia Virtual GPU: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. | 7.1 |
2021-10-29 | CVE-2021-1120 | Unspecified vulnerability in Nvidia Virtual GPU: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. | 7.0 |