Latest CVE Feed
-
8.8
HIGH
CVE-2021-34447
Windows MSHTML Platform Remote Code Execution Vulnerability
- Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +7 more products
- EPSS Score: 1.35%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH
CVE-2021-34446
Windows HTML Platforms Security Feature Bypass Vulnerability
- Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +7 more products
- EPSS Score: 1.42%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-34445
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
- EPSS Score: 0.28%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
CVE-2021-34444
Windows DNS Server Denial of Service Vulnerability
- EPSS Score: 3.78%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH
CVE-2021-34442
Windows DNS Server Remote Code Execution Vulnerability
- EPSS Score: 6.21%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-34441
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
- Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +9 more products
- EPSS Score: 0.77%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
CVE-2021-34440
GDI+ Information Disclosure Vulnerability
- Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +9 more products
- EPSS Score: 0.31%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
9.3
HIGH
- EPSS Score: 1.38%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-34438
Windows Font Driver Host Remote Code Execution Vulnerability
- EPSS Score: 0.65%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2021-34436
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. Thi...
- Affected Products: theia
- EPSS Score: 3.50%
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH
CVE-2021-34435
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user prev...
- Affected Products: theia
- EPSS Score: 0.16%
- Published: Sep. 01, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM
CVE-2021-34434
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
- EPSS Score: 0.26%
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-34433
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeed without verifying the server side's signature on the client side, if that signature is not included in the s...
- Affected Products: californium
- EPSS Score: 0.05%
- Published: Aug. 20, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-34432
In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
- Affected Products: mosquitto
- EPSS Score: 0.28%
- Published: Jul. 27, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
CVE-2021-34431
In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.
- Affected Products: mosquitto
- EPSS Score: 0.31%
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2021-34430
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.
- Affected Products: tinydtls
- EPSS Score: 0.18%
- Published: Jul. 08, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM
CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability rep...
- Affected Products: hci_management_node solidfire e-series_santricity_os_controller e-series_santricity_web_services communications_cloud_native_core_unified_data_repository autovue_for_agile_product_lifecycle_management communications_diameter_signaling_router jetty snap_creator_framework communications_cloud_native_core_binding_support_function +8 more products
- EPSS Score: 93.80%
- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
3.6
LOW
CVE-2021-34428
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple...
- Affected Products: debian_linux active_iq_unified_manager e-series_santricity_os_controller e-series_santricity_web_services snapmanager autovue_for_agile_product_lifecycle_management communications_services_gatekeeper communications_session_report_manager communications_session_route_manager communications_element_manager +6 more products
- EPSS Score: 0.56%
- Published: Jun. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2021-34427
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
- Affected Products: business_intelligence_and_reporting_tools
- EPSS Score: 7.06%
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2021-34426
A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repositor...
- EPSS Score: 0.04%
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024