Latest CVE Feed
-
7.5
HIGHCVE-2021-28677
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for ... Read more
- EPSS Score: %0.22
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28676
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.... Read more
- EPSS Score: %0.30
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28675
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.... Read more
- EPSS Score: %0.09
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28674
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with increme... Read more
Affected Products : orion_platform- EPSS Score: %0.37
- Published: Jul. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28673
Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridg... Read more
- EPSS Score: %1.03
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28672
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridg... Read more
- EPSS Score: %2.22
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28671
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridg... Read more
- EPSS Score: %1.58
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-28670
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary fil... Read more
- EPSS Score: %0.55
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28669
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.... Read more
- EPSS Score: %0.26
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28668
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.... Read more
- EPSS Score: %0.35
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28667
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).... Read more
- EPSS Score: %0.55
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28665
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.... Read more
- EPSS Score: %0.47
- Published: May. 06, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28662
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.... Read more
- EPSS Score: %8.92
- Published: May. 27, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-28661
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.... Read more
Affected Products : silverstripe- EPSS Score: %0.17
- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-28660
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/... Read more
- EPSS Score: %0.09
- Published: Mar. 17, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-28658
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.... Read more
- EPSS Score: %1.95
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28657
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.... Read more
Affected Products : primavera_unifier webcenter_portal communications_messaging_server tika healthcare_foundation- EPSS Score: %0.25
- Published: Mar. 31, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28653
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.... Read more
Affected Products : armorlock- EPSS Score: %0.30
- Published: Mar. 19, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2021-28652
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Deni... Read more
- EPSS Score: %0.30
- Published: May. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28651
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified at... Read more
- EPSS Score: %3.09
- Published: May. 27, 2021
- Modified: Nov. 21, 2024