Larry Garfield
Products
1- 7 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32933 | Cri | 0.65 | 10.0 | 0.01 | Apr 1, 2022 | An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. | ||
| CVE-2021-32953 | Cri | 0.64 | 9.8 | 0.01 | Apr 1, 2022 | An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. | ||
| CVE-2021-32957 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2022 | A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the… | ||
| CVE-2021-32949 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2022 | An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. | ||
| CVE-2021-32945 | Hig | 0.49 | 7.5 | 0.00 | Apr 1, 2022 | An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. | ||
| CVE-2021-32937 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2022 | An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and… | ||
| CVE-2012-2097 | 0.00 | — | 0.01 | Aug 14, 2012 | Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results to a node." |
- risk 0.65cvss 10.0epss 0.01
An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process.
- risk 0.64cvss 9.8epss 0.01
An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.
- risk 0.49cvss 7.5epss 0.01
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the…
- risk 0.49cvss 7.5epss 0.01
An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file.
- risk 0.49cvss 7.5epss 0.00
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06.
- risk 0.49cvss 7.5epss 0.01
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and…
- CVE-2012-2097Aug 14, 2012risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results to a node."