Security Vulnerabilities - CVEs Published In 2021
Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server.
CVSS Score
9.9
EPSS Score
0.011
Published
2021-12-21
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device.
CVSS Score
7.3
EPSS Score
0.002
Published
2021-12-21
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access.
CVSS Score
7.3
EPSS Score
0.002
Published
2021-12-21
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-12-21
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-12-21
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.
CVSS Score
9.8
EPSS Score
0.031
Published
2021-12-21
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-12-21
Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-12-21
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.
CVSS Score
5.9
EPSS Score
0.004
Published
2021-12-21
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.
CVSS Score
8.2
EPSS Score
0.0
Published
2021-12-21