Latest CVE Feed
- 9.1 CRITICAL CVE-2021-34566
  In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.
  - EPSS Score: 0.26%
  - Published: Nov. 09, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-34565
  In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
  - EPSS Score: 0.35%
  - Published: Aug. 31, 2021
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-34564
  Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
  - EPSS Score: 0.02%
  - Published: Aug. 31, 2021
  - Modified: Nov. 21, 2024
- 3.3 LOW CVE-2021-34563
  In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
  - EPSS Score: 0.10%
  - Published: Aug. 31, 2021
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-34562
  In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
  - EPSS Score: 0.30%
  - Published: Aug. 31, 2021
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-34561
  In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be i...
  - EPSS Score: 0.09%
  - Published: Aug. 31, 2021
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-34560
  In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least on...
  - EPSS Score: 0.11%
  - Published: Aug. 31, 2021
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2021-34559
  In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
  - EPSS Score: 0.31%
  - Published: Aug. 31, 2021
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-34558
  The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
  - Affected Products: fedora, go, timesten_in-memory_database, trident, storagegrid, cloud_insights_telegraf
  - EPSS Score: 1.48%
  - Published: Jul. 15, 2021
  - Modified: Nov. 21, 2024
- 4.6 MEDIUM CVE-2021-34557
  XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attac...
  - EPSS Score: 0.05%
  - Published: Jun. 10, 2021
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-34556
  In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locati...
  - EPSS Score: 0.00%
  - Published: Aug. 02, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-34555
  OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
  - EPSS Score: 0.68%
  - Published: Jun. 10, 2021
  - Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2021-34553
  Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
  - Affected Products: nexus_repository_manager
  - EPSS Score: 0.21%
  - Published: Jun. 18, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-34552
  Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
  - EPSS Score: 0.32%
  - Published: Jul. 13, 2021
  - Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2021-34551
  PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
  - EPSS Score: 2.11%
  - Published: Jun. 16, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-34550
  An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor.
  - Affected Products: tor
  - EPSS Score: 0.83%
  - Published: Jun. 29, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-34549
  An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
  - Affected Products: tor
  - EPSS Score: 0.64%
  - Published: Jun. 29, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-34548
  An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
  - Affected Products: tor
  - EPSS Score: 0.16%
  - Published: Jun. 29, 2021
  - Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2021-34547
  PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation.
  - Affected Products: prtg_network_monitor
  - EPSS Score: 0.10%
  - Published: Jun. 10, 2021
  - Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2021-34546
  An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary ...
  - Affected Products: netsetman
  - EPSS Score: 0.44%
  - Published: Jun. 10, 2021
  - Modified: Nov. 21, 2024