Date: 2021-04-14
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22669 PUBLISHED: 2021-04-26
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an admini...
CVE-2021-29473 PUBLISHED: 2021-04-26
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadat...
CVE-2021-29475 PUBLISHED: 2021-04-26
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, therefore this exploit requires the attacker's ability to...
CVE-2021-31646 PUBLISHED: 2021-04-26
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php, which uses a weak algorithm for the generation of password recovery tokens (the PHP uniqid function), allowing a brute force attack.
CVE-2021-31783 PUBLISHED: 2021-04-26
show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check.