Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32077PUBLISHED: 2021-05-06
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search se...
CVE-2020-23263PUBLISHED: 2021-05-06Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.
CVE-2020-23264PUBLISHED: 2021-05-06Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.
CVE-2021-27941PUBLISHED: 2021-05-06
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the...
CVE-2021-29203PUBLISHED: 2021-05-06
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gai...
Latest Comment: Earthling...PLEASE help me! The wormhole is about to close and I do not understand...
- At least 8 characters—the more characters, the ...
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Tweet This
0 Comments
