Latest CVE Feed
- 9.4 CRITICAL CVE-2021-27442
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code....
- Affected Products: cmt-svr-100_firmware cmt-svr-102_firmware cmt-svr-200_firmware cmt-svr-202_firmware cmt-g01_firmware cmt-g02_firmware cmt-g03_firmware cmt-g04_firmware cmt3071_firmware cmt3072_firmware +22 more products
- EPSS Score: 0.14%
- Published: May. 16, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27440
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1)....
- EPSS Score: 0.27%
- Published: Mar. 25, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27439
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc', an incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected beh...
- Affected Products: tencentos-tiny
- EPSS Score: 1.05%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-27438
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1)....
- EPSS Score: 0.28%
- Published: Mar. 25, 2021
- Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2021-27437
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitatio...
- Affected Products: wise-paas/rmm
- EPSS Score: 0.17%
- Published: May. 07, 2021
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-27436
WebAccess/SCADA Versions 9.0 and prior are vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user ...
- Affected Products: webaccess/scada
- EPSS Score: 0.18%
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27435
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution....
- Affected Products: mbed
- EPSS Score: 3.52%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-27434
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow....
- EPSS Score: 0.22%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27433
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution....
- Affected Products: mbed_ualloc
- EPSS Score: 3.78%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-27432
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow....
- EPSS Score: 0.22%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27431
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in osRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution...
- Affected Products: cmsis-rtos
- EPSS Score: 0.49%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
- 8.4 HIGH CVE-2021-27430
GE UR bootloader binary Versions 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR....
- Affected Products: ur_bootloader_binary
- EPSS Score: 0.08%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-27429
Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution. ...
- EPSS Score: 0.04%
- Published: Nov. 20, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27428
GE UR IED firmware versions prior to version 8.1x support upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate...
- EPSS Score: 0.24%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27427
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution....
- Affected Products: riot
- EPSS Score: 2.11%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27426
GE UR IED firmware versions prior to version 8.1x with “Basic” security variant do not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user....
- EPSS Score: 0.24%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27425
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...
- Affected Products: mongoose_os
- EPSS Score: 1.98%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-27424
GE UR firmware versions prior to version 8.1x share MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information....
- EPSS Score: 0.19%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-27422
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication....
- EPSS Score: 0.10%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-27421
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow access to memory locations outside the bounds of a specified array, leading to unexpected behavior such as a segmentation fault when assigni...
- Affected Products: mcuxpresso_software_development_kit
- EPSS Score: 0.45%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024