Latest CVE Feed
-
8.8
HIGHCVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This... Read more
Affected Products : bscw_classic- EPSS Score: %4.88
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp chec... Read more
Affected Products : skiboot- EPSS Score: %0.20
- Published: Oct. 22, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-36356
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this is... Read more
Affected Products : viaware- EPSS Score: %90.24
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36352
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_ma... Read more
Affected Products : hospital_information_management- EPSS Score: %0.18
- Published: Aug. 26, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36351
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.... Read more
Affected Products : hospital_information_management_system- EPSS Score: %0.48
- Published: Aug. 06, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-36350
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authent... Read more
Affected Products : powerscale_onefs- EPSS Score: %0.39
- Published: Dec. 21, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-36349
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.... Read more
- EPSS Score: %0.13
- Published: Jan. 24, 2022
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2021-36348
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially ... Read more
- EPSS Score: %0.42
- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-36347
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process executio... Read more
- EPSS Score: %1.77
- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-36346
Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.... Read more
- EPSS Score: %1.22
- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-36343
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.... Read more
- EPSS Score: %0.04
- Published: Jan. 24, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-36342
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.... Read more
- EPSS Score: %0.04
- Published: Jan. 24, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-36341
Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.... Read more
Affected Products : wyse_device_agent- EPSS Score: %0.05
- Published: Dec. 21, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-36339
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.... Read more
- EPSS Score: %0.15
- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
8.0
HIGHCVE-2021-36338
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE... Read more
- EPSS Score: %0.11
- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-36337
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.... Read more
Affected Products : wyse_management_suite- EPSS Score: %0.10
- Published: Dec. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36336
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.... Read more
Affected Products : wyse_management_suite- EPSS Score: %3.06
- Published: Dec. 21, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-36335
Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server... Read more
- EPSS Score: %0.43
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-36334
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine... Read more
- EPSS Score: %0.47
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-36333
Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash.... Read more
- EPSS Score: %0.04
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024