Latest CVE Feed
-
8.8
HIGH CVE-2021-39300
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution....
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39299
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution....
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39298
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provid...
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39297
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution....
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-39296
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system....
Affected Products : openbmc
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196....
- Published: Jan. 24, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39291
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, N...
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-39290
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB37...
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-39289
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption). These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB37...
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39286
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped....
Affected Products : pywb
- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39285
An XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create an XSS-based attack....
Affected Products : versa_director
- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-39283
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands....
Affected Products : live555
- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-39282
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files....
Affected Products : live555
- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-39280
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31....
Affected Products : jetwave_2212g_firmware jetwave_2212x_firmware jetwave_2212s_firmware jetwave_2311_firmware jetwave_3220_firmware jetwave_3420_firmware jetwave_3220 jetwave_2311 jetwave_2212s jetwave_2212g +2 more products
- Published: Feb. 06, 2022
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-39279
Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T ...
- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39278
Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU...
- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-39274
In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution wit...
Affected Products : sn1per
- Published: Aug. 19, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-39273
In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileg...
Affected Products : sn1per
- Published: Aug. 19, 2021
- Modified: Nov. 21, 2024
-
5.9
MEDIUM CVE-2021-39272
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH....
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3....
Affected Products : bscw_classic
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024