Latest CVE Feed
- 7.5 HIGH CVE-2021-44695
  Affected devices don't correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
  Affected Products: simatic_s7-1500_software_controller_firmware, simatic_drive_controller_cpu_1504d_tf_firmware, simatic_drive_controller_cpu_1507d_tf_firmware, simatic_s7-1500_cpu_1510sp_f-1_pn_firmware, simatic_s7-1500_cpu_1510sp-1_pn_firmware, simatic_s7-1500_cpu_1511-1_pn_firmware, simatic_s7-1500_cpu_1511c-1_pn_firmware, simatic_s7-1500_cpu_1511f-1_pn_firmware, simatic_s7-1500_cpu_1511t-1_pn_firmware, simatic_s7-1500_cpu_1511tf-1_pn_firmware, +236 more products
  Published: Dec. 13, 2022
  Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-44694
  Affected devices don't correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
  Affected Products: simatic_s7-1500_software_controller_firmware, simatic_drive_controller_cpu_1504d_tf_firmware, simatic_drive_controller_cpu_1507d_tf_firmware, simatic_s7-1500_cpu_1510sp_f-1_pn_firmware, simatic_s7-1500_cpu_1510sp-1_pn_firmware, simatic_s7-1500_cpu_1511-1_pn_firmware, simatic_s7-1500_cpu_1511c-1_pn_firmware, simatic_s7-1500_cpu_1511f-1_pn_firmware, simatic_s7-1500_cpu_1511t-1_pn_firmware, simatic_s7-1500_cpu_1511tf-1_pn_firmware, +228 more products
  Published: Dec. 13, 2022
  Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-44693
  Affected devices don't correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
  Affected Products: simatic_s7-1500_software_controller_firmware, simatic_drive_controller_cpu_1504d_tf_firmware, simatic_drive_controller_cpu_1507d_tf_firmware, simatic_s7-1500_cpu_1510sp_f-1_pn_firmware, simatic_s7-1500_cpu_1510sp-1_pn_firmware, simatic_s7-1500_cpu_1511-1_pn_firmware, simatic_s7-1500_cpu_1511c-1_pn_firmware, simatic_s7-1500_cpu_1511f-1_pn_firmware, simatic_s7-1500_cpu_1511t-1_pn_firmware, simatic_s7-1500_cpu_1511tf-1_pn_firmware, +236 more products
  Published: Dec. 13, 2022
  Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-44692
  BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with...
  Affected Products: buddyboss
  Published: Jan. 26, 2022
  Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-44686
  calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
  Published: Dec. 07, 2021
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44685
  Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).
  Affected Products: git-it
  Published: Dec. 07, 2021
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44684
  naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.
  Affected Products: github-todos
  Published: Dec. 07, 2021
  Modified: Nov. 21, 2024
- 8.2 HIGH CVE-2021-44683
  The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as cr...
  Affected Products: duckduckgo
  Published: Mar. 25, 2022
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44682
  An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP serv...
  Affected Products: enterprise_vault
  Published: Dec. 06, 2021
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44681
  An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP serv...
  Affected Products: enterprise_vault
  Published: Dec. 06, 2021
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44680
  An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP serv...
  Affected Products: enterprise_vault
  Published: Dec. 06, 2021
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44679
  An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP serv...
  Affected Products: enterprise_vault
  Published: Dec. 06, 2021
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44678
  An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP serv...
  Affected Products: enterprise_vault
  Published: Dec. 06, 2021
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44677
  An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP serv...
  Affected Products: enterprise_vault
  Published: Dec. 06, 2021
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44676
  Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
  Affected Products: manageengine_access_manager_plus
  Published: Dec. 20, 2021
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-44675
  Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
  Affected Products: manageengine_servicedesk_plus_msp
  Published: Dec. 20, 2021
  Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-44674
  An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory.
  Affected Products: open-audit
  Published: Jan. 03, 2022
  Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-44673
  A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.
  Affected Products: croogo
  Published: Mar. 10, 2022
  Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-44667
  A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
  Affected Products: nacos
  Published: Mar. 11, 2022
  Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-44665
  A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.
  Affected Products: xerte
  Published: Feb. 24, 2022
  Modified: Nov. 21, 2024