Latest CVE Feed
-
9.8
CRITICALCVE-2021-39306
A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.... Read more
- Published: Dec. 22, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-39304
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.... Read more
Affected Products : enterprise_protection- Published: Oct. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-39303
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.... Read more
Affected Products : jamf- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-39302
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.... Read more
Affected Products : misp- Published: Aug. 19, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39301
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39300
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39299
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39298
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provid... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39297
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-39296
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.... Read more
Affected Products : openbmc- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.... Read more
- Published: Jan. 24, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39291
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, N... Read more
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-39290
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB37... Read more
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-39289
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB37... Read more
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-39286
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.... Read more
Affected Products : pywb- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-39285
A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack.... Read more
Affected Products : versa_director- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-39283
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.... Read more
Affected Products : live555- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-39282
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.... Read more
Affected Products : live555- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-39280
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.... Read more
Affected Products : jetwave_2212g_firmware jetwave_2212x_firmware jetwave_2212s_firmware jetwave_2311_firmware jetwave_3220_firmware jetwave_3420_firmware jetwave_3220 jetwave_2311 jetwave_2212s jetwave_2212g +2 more products- Published: Feb. 06, 2022
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-39279
Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T ... Read more
- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024