Latest CVE Feed
-
7.8
HIGHCVE-2021-28685
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process... Read more
Affected Products : gputweak_ii- EPSS Score: %0.04
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-28684
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).... Read more
Affected Products : powerarchiver- EPSS Score: %0.33
- Published: Jun. 21, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28683
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.... Read more
Affected Products : envoy- EPSS Score: %0.12
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28682
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.... Read more
Affected Products : envoy- EPSS Score: %0.09
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-28681
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn'... Read more
- EPSS Score: %0.10
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2021-28680
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise... Read more
Affected Products : devise_masquerade- EPSS Score: %0.32
- Published: Dec. 07, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28678
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.... Read more
- EPSS Score: %0.08
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28677
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for ... Read more
- EPSS Score: %0.22
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28676
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.... Read more
- EPSS Score: %0.30
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28675
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.... Read more
- EPSS Score: %0.09
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28674
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with increme... Read more
Affected Products : orion_platform- EPSS Score: %0.37
- Published: Jul. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28673
Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridg... Read more
- EPSS Score: %1.03
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28672
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridg... Read more
- EPSS Score: %2.22
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28671
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridg... Read more
- EPSS Score: %1.58
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-28670
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary fil... Read more
- EPSS Score: %0.55
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28669
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.... Read more
- EPSS Score: %0.26
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28668
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.... Read more
- EPSS Score: %0.35
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28667
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).... Read more
- EPSS Score: %0.55
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28665
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.... Read more
- EPSS Score: %0.47
- Published: May. 06, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28662
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.... Read more
- EPSS Score: %8.92
- Published: May. 27, 2021
- Modified: Nov. 21, 2024