Monthly Archive: March 2021

CVE-2021-29093

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service...

CVE-2021-27454

The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior...

CVE-2021-27452

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). Date published :...

CVE-2021-27450

SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a...

CVE-2021-27440

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). Date published : 2021-03-25...

CVE-2021-27438

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). Date published : 2021-03-25...

CVE-2021-27372

Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands. Date...

CVE-2021-27193

Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting...