Latest CVE Feed
-
5.4
MEDIUM CVE-2021-28247
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflect...
- Affected Products: ehealth_performance_manager
- EPSS Score: 0.15%
- Published: Mar. 26, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-28246
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executabl...
- Affected Products: ehealth
- EPSS Score: 0.06%
- Published: Mar. 26, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-28245
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.
- Affected Products: pbootcms
- EPSS Score: 0.24%
- Published: Mar. 31, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-28242
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
- Affected Products: b2evolution
- EPSS Score: 0.48%
- Published: Apr. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-28237
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
- Affected Products: libredwg
- EPSS Score: 0.41%
- Published: Dec. 02, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-28236
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
- Affected Products: libredwg
- EPSS Score: 0.44%
- Published: Dec. 02, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-28233
Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c.
- Affected Products: ok-file-formats
- EPSS Score: 0.35%
- Published: Aug. 27, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-28216
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
- Affected Products: edk_ii
- EPSS Score: 0.16%
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-28213
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
- EPSS Score: 0.37%
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
6.7
MEDIUM CVE-2021-28211
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
- EPSS Score: 0.06%
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-28210
An unlimited recursion in DxeCore in EDK II.
- EPSS Score: 0.06%
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-28209
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
- EPSS Score: 0.50%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-28208
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
- EPSS Score: 0.50%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-28207
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
- EPSS Score: 0.50%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-28206
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
- EPSS Score: 0.50%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2021-28205
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system file...
- Affected Products: z10pr-d16_firmware, asmb8-ikvm_firmware, z10pe-d16_ws_firmware, z10pr-d16, asmb8-ikvm, z10pe-d16_ws
- EPSS Score: 0.50%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-28204
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbit...
- Affected Products: z10pr-d16_firmware, asmb8-ikvm_firmware, z10pe-d16_ws_firmware, z10pr-d16, asmb8-ikvm, z10pe-d16_ws
- EPSS Score: 1.75%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-28203
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
- Affected Products: z10pr-d16_firmware, asmb8-ikvm_firmware, z10pe-d16_ws_firmware, z10pr-d16, asmb8-ikvm, z10pe-d16_ws
- EPSS Score: 1.75%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2021-28202
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to a...
- EPSS Score: 0.90%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2021-28201
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to a...
- EPSS Score: 0.90%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024