CVE-2020-11511
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.
Source: CVE-2020-11511
CVE-2021-29781
IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 203091.
Source: CVE-2021-29781
CVE-2021-29736
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.
Source: CVE-2021-29736
CVE-2021-25273
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
Source: CVE-2021-25273
CVE-2021-36741
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary files on affected installations.
Please note: an attacker must first obtain the ability to log on to the product’s management console in order to exploit this vulnerability.
Source: CVE-2021-36741
CVE-2021-36742
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: CVE-2021-36742
CVE-2021-23418
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
Source: CVE-2021-23418
CVE-2021-21546
Dell EMC NetWorker versions 18.x, 19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the NetWorker server could potentially exploit this vulnerability to read plain-text credentials from server log files.
Source: CVE-2021-21546
CVE-2020-5353
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an ‘admin’ home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.
Source: CVE-2020-5353
CVE-2020-5329
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users into clicking on maliciously crafted links.
Source: CVE-2020-5329