Latest CVE Feed
-
7.5 HIGH
CVE-2021-35533
Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to rebo...
- EPSS Score: 0.55%
- Published: Nov. 26, 2021
- Modified: Nov. 21, 2024
-
7.2 HIGH
CVE-2021-35532
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to u...
- EPSS Score: 0.05%
- Published: Jun. 07, 2022
- Modified: Nov. 21, 2024
-
7.2 HIGH
CVE-2021-35531
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is exe...
- EPSS Score: 0.08%
- Published: Jun. 07, 2022
- Modified: Nov. 21, 2024
-
7.2 HIGH
CVE-2021-35530
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enab...
- EPSS Score: 0.04%
- Published: Jun. 07, 2022
- Modified: Nov. 21, 2024
-
7.7 HIGH
CVE-2021-35529
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product a...
- EPSS Score: 0.30%
- Published: Aug. 20, 2021
- Modified: Nov. 21, 2024
-
7.2 HIGH
CVE-2021-35528
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exp...
- EPSS Score: 0.04%
- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-35527
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and...
- Affected Products: esoms
- EPSS Score: 0.28%
- Published: Jul. 14, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-35526
Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions pr...
- EPSS Score: 0.01%
- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
-
5.3 MEDIUM
CVE-2021-35525
PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not...
- Affected Products: postsrsd
- EPSS Score: 0.12%
- Published: Jun. 28, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-35523
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint S...
- Affected Products: openvpn-client
- EPSS Score: 0.08%
- Published: Jun. 28, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-35522
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and inform...
- EPSS Score: 3.42%
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
5.9 MEDIUM
CVE-2021-35521
A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.
- EPSS Score: 0.29%
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
6.2 MEDIUM
CVE-2021-35520
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports.
- EPSS Score: 0.09%
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-35517
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that us...
- Affected Products: active_iq_unified_manager peoplesoft_enterprise_peopletools oncommand_insight commerce_guided_search primavera_unifier communications_diameter_intelligence_hub communications_cloud_native_core_unified_data_repository flexcube_universal_banking banking_payments communications_billing_and_revenue_management +18 more products
- EPSS Score: 0.31%
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-35516
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use...
- Affected Products: active_iq_unified_manager peoplesoft_enterprise_peopletools oncommand_insight commerce_guided_search primavera_unifier communications_diameter_intelligence_hub communications_cloud_native_core_unified_data_repository flexcube_universal_banking communications_billing_and_revenue_management business_process_management_suite +15 more products
- EPSS Score: 0.31%
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-35515
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
- Affected Products: active_iq_unified_manager peoplesoft_enterprise_peopletools oncommand_insight commerce_guided_search primavera_unifier communications_diameter_intelligence_hub communications_cloud_native_core_unified_data_repository flexcube_universal_banking banking_payments communications_billing_and_revenue_management +17 more products
- EPSS Score: 0.12%
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-35514
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
- Affected Products: narou
- EPSS Score: 0.51%
- Published: Jun. 28, 2021
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2021-35513
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
- Affected Products: mermaid
- EPSS Score: 0.31%
- Published: Jun. 27, 2021
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2021-35512
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
- EPSS Score: 1.43%
- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2021-35508
NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary s...
- Affected Products: aquariusnet
- EPSS Score: 0.28%
- Published: Sep. 01, 2021
- Modified: Nov. 21, 2024