Security Vulnerabilities - CVEs Published In January 2021
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2021-01-05
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
CVSS Score: 4.7 | EPSS Score: 0.001 | Published: 2021-01-05
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in an internal database.
CVSS Score: 2.3 | EPSS Score: 0.0 | Published: 2021-01-05
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE can elevate privileges to the root user if they have ISI_PRIV_HARDENING privileges.
CVSS Score: 7.0 | EPSS Score: 0.0 | Published: 2021-01-05
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user's credential password (including that of the Unisphere admin privilege user) is stored in plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.
CVSS Score: 6.4 | EPSS Score: 0.0 | Published: 2021-01-05
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user's credential password (including that of the Unisphere admin privilege user) is stored in plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.
CVSS Score: 6.4 | EPSS Score: 0.0 | Published: 2021-01-05
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2021-01-05
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2021-01-05
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS payload, read another user's cookie, and use that to log in to the application.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-01-05
SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint.
CVSS Score: 8.1 | EPSS Score: 0.013 | Published: 2021-01-05