Latest CVE Feed
-
9.8
CRITICALCVE-2021-27427
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.... Read more
Affected Products : riot- EPSS Score: %2.11
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27426
GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.... Read more
- EPSS Score: %0.24
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27425
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution... Read more
Affected Products : mongoose_os- EPSS Score: %1.98
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-27424
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.... Read more
- EPSS Score: %0.19
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-27422
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.... Read more
- EPSS Score: %0.10
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27421
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigni... Read more
Affected Products : mcuxpresso_software_development_kit- EPSS Score: %0.45
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-27420
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsiv... Read more
- EPSS Score: %0.22
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27419
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execu... Read more
Affected Products : uclibc-ng- EPSS Score: %3.14
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-27418
GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, U... Read more
- EPSS Score: %0.22
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27417
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflo... Read more
Affected Products : ecospro- EPSS Score: %0.18
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
5.8
MEDIUMCVE-2021-27416
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web brow... Read more
Affected Products : ellipse_enterprise_asset_management- EPSS Score: %0.52
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-27414
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication crede... Read more
Affected Products : ellipse_enterprise_asset_management- EPSS Score: %0.10
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-27413
Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.... Read more
- EPSS Score: %0.79
- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-27412
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.... Read more
Affected Products : dopsoft- EPSS Score: %0.21
- Published: Jul. 02, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-27411
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior ... Read more
Affected Products : micrium_os- EPSS Score: %0.21
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27410
The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integra... Read more
- EPSS Score: %0.24
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-27408
The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn Servic... Read more
- EPSS Score: %0.37
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-27406
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open... Read more
Affected Products : openvpn-client- EPSS Score: %0.13
- Published: Oct. 14, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-27405
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.... Read more
Affected Products : scrapbox-parser- EPSS Score: %0.56
- Published: Feb. 19, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-27404
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.... Read more
- EPSS Score: %0.16
- Published: Feb. 19, 2021
- Modified: Nov. 21, 2024