Latest CVE Feed
-
4.9
MEDIUM CVE-2021-28180
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers u...
- Affected Products: z10pr-d16_firmware asmb8-ikvm_firmware z10pe-d16_ws_firmware z10pr-d16 asmb8-ikvm z10pe-d16_ws
- EPSS Score: 0.90%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2021-28179
The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attacke...
- Affected Products: z10pr-d16_firmware asmb8-ikvm_firmware z10pe-d16_ws_firmware z10pr-d16 asmb8-ikvm z10pe-d16_ws
- EPSS Score: 0.90%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2021-28178
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnorm...
- Affected Products: z10pr-d16_firmware asmb8-ikvm_firmware z10pe-d16_ws_firmware z10pr-d16 asmb8-ikvm z10pe-d16_ws
- EPSS Score: 0.90%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2021-28177
The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnorm...
- Affected Products: z10pr-d16_firmware asmb8-ikvm_firmware z10pe-d16_ws_firmware z10pr-d16 asmb8-ikvm z10pe-d16_ws
- EPSS Score: 0.90%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2021-28176
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnorma...
- Affected Products: z10pr-d16_firmware asmb8-ikvm_firmware z10pe-d16_ws_firmware z10pr-d16 asmb8-ikvm z10pe-d16_ws
- EPSS Score: 0.90%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2021-28175
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abno...
- Affected Products: z10pr-d16_firmware asmb8-ikvm_firmware z10pe-d16_ws_firmware z10pr-d16 asmb8-ikvm z10pe-d16_ws
- EPSS Score: 0.90%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-28174
Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain privileged permissions to access transaction records and conduct fraudulent trading without login....
- Affected Products: smart_stock_selection
- EPSS Score: 0.14%
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-28173
The file upload function of Vangene deltaFlow E-platform does not perform access control properly. Remote attackers can upload and execute arbitrary files without login....
- Affected Products: deltaflow
- EPSS Score: 0.75%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-28172
There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage....
- Affected Products: deltaflow
- EPSS Score: 0.54%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-28171
The Vangene deltaFlow E-platform does not take proper protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie....
- Affected Products: deltaflow
- EPSS Score: 0.28%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-28170
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid....
- Affected Products: weblogic_server quarkus communications_cloud_native_core_policy jakarta_expression_language
- EPSS Score: 0.08%
- Published: May. 26, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-28169
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can...
- EPSS Score: 92.09%
- Published: Jun. 09, 2021
- Modified: Nov. 21, 2024
-
6.2
MEDIUM CVE-2021-28168
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-...
- EPSS Score: 0.16%
- Published: Apr. 22, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-28167
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class...
- Affected Products: openj9
- EPSS Score: 0.22%
- Published: Apr. 21, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-28166
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur....
- Affected Products: mosquitto
- EPSS Score: 0.52%
- Published: Apr. 07, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web....
- Affected Products: snapcenter e-series_santricity_os_controller e-series_santricity_web_services storage_replication_adapter_for_clustered_data_ontap vasa_provider_for_clustered_data_ontap virtual_storage_console autovue_for_agile_product_lifecycle_management communications_session_route_manager jetty e-series_performance_analyzer +7 more products
- EPSS Score: 93.48%
- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUM CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves...
- Affected Products: fedora snapcenter e-series_santricity_os_controller e-series_santricity_web_services storage_replication_adapter_for_clustered_data_ontap vasa_provider_for_clustered_data_ontap virtual_storage_console solr autovue_for_agile_product_lifecycle_management communications_services_gatekeeper +13 more products
- EPSS Score: 0.15%
- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so JavaScript code can run....
- Affected Products: theia
- EPSS Score: 0.17%
- Published: Mar. 12, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary JavaScript code can be injected....
- Affected Products: theia
- EPSS Score: 0.20%
- Published: Mar. 12, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-28160
Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page ("Repeater Wizard" homepage section)....
- EPSS Score: 0.24%
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024