Latest CVE Feed
-
7.5
HIGH CVE-2021-27432
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow....
- EPSS Score: 0.22%
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27431
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in osRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution...
- Affected Products: cmsis-rtos
- EPSS Score: 0.49%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
8.4
HIGH CVE-2021-27430
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR....
- Affected Products: ur_bootloader_binary
- EPSS Score: 0.08%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-27429
Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution. ...
- EPSS Score: 0.04%
- Published: Nov. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27428
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate...
- EPSS Score: 0.24%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27427
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution....
- Affected Products: riot
- EPSS Score: 2.11%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27426
GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user....
- EPSS Score: 0.24%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27425
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...
- Affected Products: mongoose_os
- EPSS Score: 1.98%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-27424
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information....
- EPSS Score: 0.19%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-27422
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication....
- EPSS Score: 0.10%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27421
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow access to memory locations outside the bounds of a specified array, leading to unexpected behavior such as segmentation fault when assigni...
- Affected Products: mcuxpresso_software_development_kit
- EPSS Score: 0.45%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-27420
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsiv...
- EPSS Score: 0.22%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27419
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execu...
- Affected Products: uclibc-ng
- EPSS Score: 3.14%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-27418
GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, U...
- EPSS Score: 0.22%
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27417
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflo...
- Affected Products: ecospro
- EPSS Score: 0.18%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
5.8
MEDIUM CVE-2021-27416
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web brow...
- Affected Products: ellipse_enterprise_asset_management
- EPSS Score: 0.52%
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-27414
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication crede...
- Affected Products: ellipse_enterprise_asset_management
- EPSS Score: 0.10%
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-27413
Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code....
- EPSS Score: 0.79%
- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-27412
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code....
- Affected Products: dopsoft
- EPSS Score: 0.21%
- Published: Jul. 02, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-27411
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior ...
- Affected Products: micrium_os
- EPSS Score: 0.21%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024