Latest CVE Feed

CVE-2021-22697 (7.8 HIGH)
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious ...
- Affected Products: ecostruxure_power_build_-_rapsody
- EPSS Score: 0.71%
- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024

CVE-2021-22696 (7.5 HIGH)
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" paramete...
- EPSS Score: 0.49%
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024

CVE-2021-22685 (7.5 HIGH)
An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1....
- Affected Products: access_controller
- EPSS Score: 0.11%
- Published: Oct. 14, 2022
- Modified: Nov. 21, 2024

CVE-2021-22684 (7.5 HIGH)
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash...
- Affected Products: tizenrt
- EPSS Score: 0.34%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024

CVE-2021-22683 (7.8 HIGH)
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution....
- Affected Products: fvdesigner
- EPSS Score: 0.18%
- Published: Mar. 03, 2021
- Modified: Nov. 21, 2024

CVE-2021-22682 (7.8 HIGH)
Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local ...
- Affected Products: cscape
- EPSS Score: 0.03%
- Published: Apr. 23, 2021
- Modified: Nov. 21, 2024

CVE-2021-22681 (9.8 CRITICAL)
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 55...
- EPSS Score: 0.12%
- Published: Mar. 03, 2021
- Modified: Nov. 21, 2024

CVE-2021-22680 (9.8 CRITICAL)
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote ...
- Affected Products: mqx
- EPSS Score: 1.84%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024

CVE-2021-22679 (9.8 CRITICAL)
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versio...
- Affected Products: cc3100_software_development_kit, cc3200_software_development_kit, simplelink_cc13x0_software_development_kit, simplelink_cc13x2_software_development_kit, simplelink_cc26xx_software_development_kit, simplelink_cc32xx_software_development_kit, simplelink_msp432e4_software_development_kit
- EPSS Score: 0.70%
- Published: May. 07, 2021
- Modified: Nov. 21, 2024

CVE-2021-22678 (7.8 HIGH)
Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process....
- Affected Products: cscape
- EPSS Score: 0.23%
- Published: Apr. 23, 2021
- Modified: Nov. 21, 2024

CVE-2021-22677 (7.8 HIGH)
An integer overflow exists in the APIs of the host MCU while trying to connect to a WIFI network may lead to issues such as a denial-of-service condition or code execution on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.0...
- Affected Products: cc3100_software_development_kit, cc3200_software_development_kit, simplelink_cc13x0_software_development_kit, simplelink_cc13x2_software_development_kit, simplelink_cc26xx_software_development_kit, simplelink_cc32xx_software_development_kit, simplelink_msp432e4_software_development_kit
- EPSS Score: 0.06%
- Published: May. 07, 2021
- Modified: Nov. 21, 2024

CVE-2021-22676 (6.1 MEDIUM)
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintend...
- Affected Products: webaccess/scada
- EPSS Score: 0.19%
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024

CVE-2021-22675 (7.2 HIGH)
The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and pr...
- Affected Products: cc3100_software_development_kit, cc3200_software_development_kit, simplelink_cc13x0_software_development_kit, simplelink_cc13x2_software_development_kit, simplelink_cc26xx_software_development_kit, simplelink_cc32xx_software_development_kit, simplelink_msp432e4_software_development_kit
- EPSS Score: 0.77%
- Published: May. 07, 2021
- Modified: Nov. 21, 2024

CVE-2021-22674 (6.5 MEDIUM)
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1)....
- Affected Products: webaccess/scada
- EPSS Score: 0.31%
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024

CVE-2021-22673 (8.0 HIGH)
The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX...
- Affected Products: cc3100_software_development_kit, cc3200_software_development_kit, simplelink_cc13x0_software_development_kit, simplelink_cc13x2_software_development_kit, simplelink_cc26xx_software_development_kit, simplelink_cc32xx_software_development_kit, simplelink_msp432e4_software_development_kit
- EPSS Score: 0.74%
- Published: May. 07, 2021
- Modified: Nov. 21, 2024

CVE-2021-22672 (7.8 HIGH)
Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code....
- Affected Products: cncsoft_screeneditor
- EPSS Score: 0.30%
- Published: May. 10, 2021
- Modified: Nov. 21, 2024

CVE-2021-22671 (9.8 CRITICAL)
Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4...
- Affected Products: cc3100_software_development_kit, cc3200_software_development_kit, simplelink_cc13x0_software_development_kit, simplelink_cc13x2_software_development_kit, simplelink_cc26xx_software_development_kit, simplelink_cc32xx_software_development_kit, simplelink_msp432e4_software_development_kit
- EPSS Score: 0.70%
- Published: May. 07, 2021
- Modified: Nov. 21, 2024

CVE-2021-22670 (7.8 HIGH)
An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution....
- Affected Products: fvdesigner
- EPSS Score: 0.17%
- Published: Mar. 03, 2021
- Modified: Nov. 21, 2024

CVE-2021-22669 (9.0 HIGH)
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to e...
- Affected Products: webaccess/scada
- EPSS Score: 0.17%
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024

CVE-2021-22668 (9.8 CRITICAL)
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code....
- Affected Products: cncsoft_screeneditor
- EPSS Score: 0.70%
- Published: May. 16, 2021
- Modified: Nov. 21, 2024