Latest CVE Feed
-
8.8
HIGH CVE-2021-39301
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Affected Products: z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: %0.25
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39300
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Affected Products: z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: %0.06
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39299
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Affected Products: z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: %0.06
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39298
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provid...
Affected Products: z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: %0.04
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39297
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Affected Products: z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: %0.57
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-39296
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.
Affected Products: openbmc
- EPSS Score: %0.08
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
- EPSS Score: %0.02
- Published: Jan. 24, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39291
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, N...
- EPSS Score: %0.62
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-39290
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB37...
- EPSS Score: %0.51
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-39289
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption). These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB37...
- EPSS Score: %0.17
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39286
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.
Affected Products: pywb
- EPSS Score: %0.24
- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39285
An XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create an XSS-based attack.
Affected Products: versa_director
- EPSS Score: %0.53
- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-39283
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
Affected Products: live555
- EPSS Score: %0.21
- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-39282
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
Affected Products: live555
- EPSS Score: %0.30
- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-39280
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
Affected Products: jetwave_2212g_firmware jetwave_2212x_firmware jetwave_2212s_firmware jetwave_2311_firmware jetwave_3220_firmware jetwave_3420_firmware jetwave_3220 jetwave_2311 jetwave_2212s jetwave_2212g +2 more products
- EPSS Score: %1.31
- Published: Feb. 06, 2022
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-39279
Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T ...
- EPSS Score: %6.68
- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39278
Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU...
- EPSS Score: %0.26
- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-39274
In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution wit...
Affected Products: sn1per
- EPSS Score: %0.68
- Published: Aug. 19, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-39273
In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileg...
Affected Products: sn1per
- EPSS Score: %1.66
- Published: Aug. 19, 2021
- Modified: Nov. 21, 2024
-
5.9
MEDIUM CVE-2021-39272
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
- EPSS Score: %0.11
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024