Latest CVE Feed
-
7.5
HIGHCVE-2021-20596
NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in comm... Read more
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
8.5
HIGHCVE-2021-20595
Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-15... Read more
Affected Products : ae-200a_firmware ae-200e_firmware ae-50a_firmware ae-50e_firmware ag-150a-a_firmware ag-150a-j_firmware eb-50gu-a_firmware eb-50gu-j_firmware ew-50a_firmware ew-50e_firmware +28 more products- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-20594
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R... Read more
Affected Products : r08sfcpu_firmware r16sfcpu_firmware r32sfcpu_firmware r120sfcpu_firmware r08psfcpu_firmware r16psfcpu_firmware r32psfcpu_firmware r120psfcpu_firmware r08sfcpu r16sfcpu +6 more products- Published: Aug. 06, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-20593
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A ... Read more
Affected Products : ae-200a_firmware ae-200e_firmware ae-50a_firmware ae-50e_firmware ag-150a-a_firmware ag-150a-j_firmware eb-50gu-a_firmware eb-50gu-j_firmware ew-50a_firmware ew-50e_firmware +28 more products- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-20592
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 throu... Read more
- Published: Aug. 05, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-20591
Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU al... Read more
Affected Products : r00cpu_firmware r01cpu_firmware r02cpu_firmware r04cpu_firmware r08cpu_firmware r16cpu_firmware r32cpu_firmware r120cpu_firmware r08sfcpu_firmware r16sfcpu_firmware +30 more products- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-20590
Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, G... Read more
Affected Products : got2000_gt27_firmware got2000_gt25_firmware gt2107-wtbd_firmware gt2107-wtsd_firmware gs2110-wtbd-n_firmware gs2107-wtbd-n_firmware got2000_gt25 got2000_gt27 gt2107-wtbd gt2107-wtsd +2 more products- Published: Apr. 22, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-20589
Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions ... Read more
Affected Products : gt_softgot2000 gt27_firmware gt25_firmware gt23_firmware gt21_firmware gs21_firmware gt_softgot2000_firmware gt27 gt25 gt23 +3 more products- Published: May. 19, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-20586
Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, contro... Read more
Affected Products : rv2fr_firmware rv2frl_firmware rv4fr_firmware rv4frl_firmware rv7fr_firmware rv7frl_firmware rv7frll_firmware rv13fr_firmware rv13frl_firmware rv20fr_firmware +56 more products- Published: Jan. 29, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-20585
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.... Read more
Affected Products : security_verify_access- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-20584
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.... Read more
- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
6.2
MEDIUMCVE-2021-20583
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.. IBM X-Force ID: 199396.... Read more
Affected Products : security_verify- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-20582
IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328.... Read more
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-20581
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 199324. ... Read more
- Published: Oct. 17, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-20580
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.... Read more
Affected Products : planning_analytics- Published: Jun. 29, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-20579
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199... Read more
- Published: Jun. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-20578
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.... Read more
- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-20577
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more
Affected Products : cloud_pak_for_security- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-20576
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.... Read more
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-20575
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.... Read more
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024