Latest CVE Feed
-
6.5
MEDIUMCVE-2021-31348
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).... Read more
- EPSS Score: %0.86
- Published: Apr. 16, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-31347
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).... Read more
- EPSS Score: %1.17
- Published: Apr. 16, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-31346
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 ... Read more
- EPSS Score: %2.50
- Published: Nov. 09, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-31345
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecke... Read more
Affected Products : apogee_pxc_modular_firmware talon_tc_compact_firmware talon_tc_modular_firmware capital_vstar nucleus_net nucleus_readystart_v3 nucleus_source_code apogee_modular_building_controller_firmware apogee_modular_equiment_controller_firmware apogee_pxc_compact_firmware +27 more products- EPSS Score: %1.25
- Published: Nov. 09, 2021
- Modified: Nov. 21, 2024
-
6.9
MEDIUMCVE-2021-31344
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 ... Read more
- EPSS Score: %0.91
- Published: Nov. 09, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-31343
The jutil.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end... Read more
- EPSS Score: %0.78
- Published: Jun. 08, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-31342
The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the e... Read more
- EPSS Score: %0.58
- Published: Jun. 08, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-31341
Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1).... Read more
Affected Products : database_replication- EPSS Score: %0.20
- Published: May. 12, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-31340
A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF1... Read more
Affected Products : simatic_rf185c_firmware simatic_rf186c_firmware simatic_rf186ci_firmware simatic_rf188ci_firmware simatic_rf166c_firmware simatic_rf188c_firmware simatic_rf360r_firmware simatic_reader_rf610r_cmiit_firmware simatic_reader_rf610r_etsi_firmware simatic_reader_rf610r_fcc_firmware +40 more products- EPSS Score: %0.48
- Published: Jun. 08, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-31339
A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework.... Read more
Affected Products : excel_importer- EPSS Score: %0.18
- Published: May. 12, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-31338
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute ow... Read more
Affected Products : sinema_remote_connect- EPSS Score: %0.05
- Published: Aug. 19, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-31337
The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINA... Read more
- EPSS Score: %0.62
- Published: Jun. 28, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-31330
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.... Read more
Affected Products : review_board- EPSS Score: %0.59
- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-31329
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php... Read more
Affected Products : remote_clinic- EPSS Score: %0.37
- Published: Apr. 21, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-31327
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.... Read more
Affected Products : remote_clinic- EPSS Score: %0.37
- Published: Apr. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-31326
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.... Read more
- EPSS Score: %1.66
- Published: Mar. 24, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-31324
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.... Read more
Affected Products : webpanel- EPSS Score: %82.33
- Published: May. 18, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-31323
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access he... Read more
Affected Products : telegram- EPSS Score: %0.35
- Published: May. 18, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-31322
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-... Read more
Affected Products : telegram- EPSS Score: %0.21
- Published: May. 18, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-31321
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack m... Read more
Affected Products : telegram- EPSS Score: %0.20
- Published: May. 18, 2021
- Modified: Nov. 21, 2024