CWE:
 

Topic
Date
Author
Med.
URVE Software Build 24.03.2020 Missing Authorization
30.12.2020
Erik Steltzner
Low
1CRM 8.6.7 Insecure Direct Object Reference
17.09.2020
Andreas Sperber
Med.
WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability
21.06.2018
KingSkrupellos
High
Lenovo ShareIT Information Disclosure / Hardcoded Password
26.01.2016
CoreLabs
High
SAP Afaria 7 Missing Authorization Check
19.06.2015
Vahagn Vardanyan


CVEMAP Search Results

CVE
Details
Description
2021-05-07
Low
CVE-2021-32093

Vendor: NSA
Software: Emissary
 

 
The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.

 
Medium
CVE-2021-27570

Vendor: Remotemouse
Software: Emote remote...
 

 
An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic.

 
Medium
CVE-2021-27571

Vendor: Remotemouse
Software: Emote remote...
 

 
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic.

 
Medium
CVE-2021-27573

Vendor: Remotemouse
Software: Emote remote...
 

 
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication.

 
Medium
CVE-2021-32095

Vendor: NSA
Software: Emissary
 

 
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.

 
Medium
CVE-2021-27569

Vendor: Remotemouse
Software: Emote remote...
 

 
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic.

 
2021-05-06
Medium
CVE-2021-1506

Vendor: Cisco
Software: Sd-wan vmanage
 

 
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

 
Medium
CVE-2021-1508

Vendor: Cisco
Software: Sd-wan vmanage
 

 
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

 
Low
CVE-2021-22208

Vendor: Gitlab
Software: Gitlab
 

 
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.

 
Medium
CVE-2020-18888

Vendor: Puppycms
Software: Puppycms
 

 
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top