CVE-2021-22521

A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges. (CVSS: 7.2) (Last Update: 2021-08-10)

July 29th, 2021 | Gain Information

CVE-2021-36983

replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. (CVSS: 7.2) (Last Update: 2021-08-07)

July 29th, 2021 | Gain Information

CVE-2021-29736

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300. (CVSS: 6.5) (Last Update: 2021-08-05)

July 29th, 2021 | Gain Information

CVE-2020-26180

Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols. (CVSS: 6.5) (Last Update: 2021-08-06)

July 27th, 2021 | Gain Information

CVE-2020-5351

Dell EMC Data Protection Consultant versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with knowledge of the hard-coded password may log in to the system and gain read-only privileges. (CVSS: 5.0) (Last Update: 2021-08-06)

July 27th, 2021 | Gain Information

CVE-2021-22730

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized administrative privileges when accessing the charging station web server. (CVSS: 10.0) (Last Update: 2021-07-28)

July 20th, 2021 | Gain Information

CVE-2021-20106

Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. (CVSS: 8.5) (Last Update: 2021-07-30)

July 20th, 2021 | Gain Information

CVE-2021-22729

A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized administrative privileges when accessing the charging station web server. (CVSS: 10.0) (Last Update: 2021-07-28)

July 20th, 2021 | Gain Information

CVE-2021-24453

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure. (CVSS: 9.0) (Last Update: 2021-08-11)

July 18th, 2021 | File Inclusion

CVE-2021-24447

The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard. (CVSS: 5.0) (Last Update: 2021-07-28)

July 18th, 2021 | File Inclusion