Latest CVE Feed
-
7.8 HIGH
CVE-2021-25849
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1; improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet....
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: %0.32
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
9.1 CRITICAL
CVE-2021-25848
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available len...
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: %0.38
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
9.1 CRITICAL
CVE-2021-25847
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet....
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: %0.38
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-25846
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet....
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: %0.32
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25845
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet....
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: %0.41
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25839
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could make password brute-forcing easier for an attacker....
Affected Products: minthcm
- EPSS Score: %0.40
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2021-25838
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload....
Affected Products: minthcm
- EPSS Score: %0.32
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25837
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserv...
Affected Products: ethermint
- EPSS Score: %0.39
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25836
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory (stateObject.code) and is further written to persistent store at the Endblock stage, wh...
Affected Products: ethermint
- EPSS Score: %0.24
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25835
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still...
Affected Products: ethermint
- EPSS Score: %0.18
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25834
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application....
Affected Products: ethermint
- EPSS Score: %0.20
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25833
A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a re...
Affected Products: document_server
- EPSS Score: %7.62
- Published: Mar. 01, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25832
A heap buffer overflow vulnerability inside of BMP image processing was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code execution on DocumentServer....
Affected Products: document_server
- EPSS Score: %8.29
- Published: Mar. 01, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25831
A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string h...
Affected Products: document_server
- EPSS Score: %3.62
- Published: Mar. 01, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25830
A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper str...
Affected Products: document_server
- EPSS Score: %5.32
- Published: Mar. 01, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-25829
An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server....
Affected Products: document_server
- EPSS Score: %2.18
- Published: Mar. 01, 2021
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2021-25828
Emby Server versions < 4.6.0.50 are vulnerable to cross-site scripting (XSS) via a crafted GET request to /web....
Affected Products: emby
- EPSS Score: %0.19
- Published: Jun. 28, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25827
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address....
Affected Products: emby
- EPSS Score: %0.30
- Published: Jun. 28, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25812
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client....
- EPSS Score: %4.06
- Published: Apr. 29, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-25811
MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited, the device will not be able to access the webserver unless the list...
- EPSS Score: %0.51
- Published: Apr. 29, 2021
- Modified: Nov. 21, 2024