Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-26 | CVE-2021-41078 | Deserialization of Untrusted Data vulnerability in Nameko Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. | 7.8 |
| 2021-10-26 | CVE-2021-40343 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI 5.8.5 An issue was discovered in Nagios XI 5.8.5. | 7.8 |
| 2021-10-26 | CVE-2021-40344 | Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI 5.8.5 An issue was discovered in Nagios XI 5.8.5. | 7.2 |
| 2021-10-26 | CVE-2021-40345 | Command Injection vulnerability in Nagios XI 5.8.5 An issue was discovered in Nagios XI 5.8.5. | 7.2 |
| 2021-10-26 | CVE-2021-34583 | Out-of-bounds Write vulnerability in Codesys Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 7.5 |
| 2021-10-26 | CVE-2021-34586 | NULL Pointer Dereference vulnerability in Codesys In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | 7.5 |
| 2021-10-26 | CVE-2021-34595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys Plcwinnt and Runtime Toolkit A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | 8.1 |
| 2021-10-26 | CVE-2021-41305 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. | 7.5 |
| 2021-10-26 | CVE-2021-41306 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. | 7.5 |
| 2021-10-26 | CVE-2021-41307 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. | 7.5 |