Latest CVE Feed
-
7.5
HIGHCVE-2021-41306
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions ... Read more
- Published: Oct. 26, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-41305
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. Th... Read more
- Published: Oct. 26, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-41304
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected ve... Read more
- Published: Oct. 26, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41303
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.... Read more
- Published: Sep. 17, 2021
- Modified: Nov. 21, 2024
-
7.3
HIGHCVE-2021-41302
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-41301
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in au... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41300
ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality.... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-41299
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-41298
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely ... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-41297
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41296
ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-41295
ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-41294
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario.... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-41293
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and syste... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41292
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and ... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-41291
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device.... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-41290
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary c... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-41289
ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffe... Read more
- Published: Nov. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41288
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.... Read more
Affected Products : manageengine_opmanager- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-41286
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical accou... Read more
Affected Products : multicash- Published: Oct. 05, 2021
- Modified: Nov. 21, 2024