Latest CVE Feed
-
9.8
CRITICAL CVE-2021-35522
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and inform...
- EPSS Score: 3.42%
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
5.9
MEDIUM CVE-2021-35521
A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.
- EPSS Score: 0.29%
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
6.2
MEDIUM CVE-2021-35520
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports.
- EPSS Score: 0.09%
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-35517
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that us...
- Affected Products: active_iq_unified_manager, peoplesoft_enterprise_peopletools, oncommand_insight, commerce_guided_search, primavera_unifier, communications_diameter_intelligence_hub, communications_cloud_native_core_unified_data_repository, flexcube_universal_banking, banking_payments, communications_billing_and_revenue_management, +18 more products
- EPSS Score: 0.31%
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-35516
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use...
- Affected Products: active_iq_unified_manager, peoplesoft_enterprise_peopletools, oncommand_insight, commerce_guided_search, primavera_unifier, communications_diameter_intelligence_hub, communications_cloud_native_core_unified_data_repository, flexcube_universal_banking, communications_billing_and_revenue_management, business_process_management_suite, +15 more products
- EPSS Score: 0.31%
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-35515
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
- Affected Products: active_iq_unified_manager, peoplesoft_enterprise_peopletools, oncommand_insight, commerce_guided_search, primavera_unifier, communications_diameter_intelligence_hub, communications_cloud_native_core_unified_data_repository, flexcube_universal_banking, banking_payments, communications_billing_and_revenue_management, +17 more products
- EPSS Score: 0.12%
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-35514
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
- Affected Products: narou
- EPSS Score: 0.51%
- Published: Jun. 28, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-35513
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
- Affected Products: mermaid
- EPSS Score: 0.31%
- Published: Jun. 27, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-35512
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
- EPSS Score: 1.43%
- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-35508
NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary s...
- Affected Products: aquariusnet
- EPSS Score: 0.28%
- Published: Sep. 01, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-35506
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.
- Affected Products: filerun
- EPSS Score: 0.28%
- Published: Oct. 05, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-35505
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
- Affected Products: filerun
- EPSS Score: 3.20%
- Published: Oct. 05, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-35504
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
- Affected Products: filerun
- EPSS Score: 9.46%
- Published: Oct. 05, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
- Affected Products: filerun
- EPSS Score: 0.24%
- Published: Oct. 05, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-35502
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.
- Affected Products: misp
- EPSS Score: 0.43%
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-35501
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
- Affected Products: pandora_fms
- EPSS Score: 0.38%
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
6.3
MEDIUM CVE-2021-35500
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows ...
- EPSS Score: 0.09%
- Published: Jan. 12, 2022
- Modified: Nov. 21, 2024
-
8.0
HIGH CVE-2021-35499
The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute script...
- Affected Products: nimbus
- EPSS Score: 0.69%
- Published: Oct. 26, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-35498
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password ...
- EPSS Score: 0.31%
- Published: Oct. 13, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-35497
The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edit...
- EPSS Score: 0.17%
- Published: Oct. 05, 2021
- Modified: Nov. 21, 2024