The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2021-20087 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.
    Published: April 23, 2021; 2:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2021-20088 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.
    Published: April 23, 2021; 2:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2021-20086 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.
    Published: April 23, 2021; 3:15:10 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-20089 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.
    Published: April 23, 2021; 3:15:11 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-31540 - Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the applicat...
    Published: April 23, 2021; 1:15:08 PM -0400

    V3.1: 7.1 HIGH
    V2.0: 3.6 LOW

  • CVE-2021-31539 - Wowza Streaming Engine through 4.8.5 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.
    Published: April 23, 2021; 1:15:08 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-2273 - Vulnerability in the Oracle Legal Entity Configurator product of Oracle E-Business Suite (component: Create Contracts). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with ne...
    Published: April 22, 2021; 6:15:16 PM -0400

    V3.1: 8.1 HIGH
    V2.0: 5.5 MEDIUM

  • CVE-2021-31794 - Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.
    Published: April 24, 2021; 4:15:07 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-27933 - pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
    Published: April 28, 2021; 3:15:07 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-20515 - IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. ...
    Published: April 30, 2021; 12:15:07 PM -0400

    V3.1: 6.7 MEDIUM
    V2.0: 4.6 MEDIUM

  • CVE-2021-27973 - SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
    Published: April 02, 2021; 3:15:20 PM -0400

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2020-11857 - An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user.
    Published: September 22, 2020; 10:15:12 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-22502 - Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
    Published: February 08, 2021; 5:15:12 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 10.0 HIGH

  • CVE-2021-22664 - CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
    Published: April 27, 2021; 9:15:08 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-35430 - SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.
    Published: April 29, 2021; 1:15:08 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-21341 - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execu...
    Published: March 22, 2021; 8:15:12 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-21342 - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. X...
    Published: March 22, 2021; 8:15:12 PM -0400

    V3.1: 9.1 CRITICAL
    V2.0: 6.4 MEDIUM

  • CVE-2021-21343 - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. X...
    Published: March 22, 2021; 8:15:12 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-21344 - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the proce...
    Published: March 22, 2021; 8:15:12 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-21345 - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the p...
    Published: March 22, 2021; 8:15:12 PM -0400

    V3.1: 9.9 CRITICAL
    V2.0: 6.5 MEDIUM