Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2021-22763 — Schneider-electric Powerlogic_pm5560_firmware: A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device. CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile
CVE-2021-31659 — Tp-link Tl-sg2005_firmware: 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF).
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with. CVSSv3.1 8.8 (HIGH) · EPSS 44th percentile
CVE-2021-31658 — Tp-link Tl-sg2005_firmware: TL-SG2005, TL-SG2008, etc.
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased. CVSSv3.1 8.1 (HIGH) · EPSS 60th percentile
CVE-2020-15782 — Siemens Simatic_driver_controller_firmware: Affected devices are vulnerable to a memory protection bypass through a specific operation.
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software C CVSSv3.1 9.8 (CRITICAL) · EPSS 53th percentile
CVE-2020-26678 — Vfairs Vfairs: 3.3 is affected by Remote Code Execution.
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution. CVSSv3.1 8.8 (HIGH) · EPSS 80th percentile
CVE-2020-26677 — Vfairs Vfairs: Any user logged in to a vFairs 3.3 virtual conference or event can perform
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. CVSSv3.1 8.8 (HIGH) · EPSS 60th percentile
CVE-2021-27562 — Trustedfirmware Trusted_firmware-m: In Arm Trusted Firmware M through 1.2, the NS world may trigger a system
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. CVSSv3.1 5.5 (MEDIUM) · EPSS 98th percentile
CVE-2017-17677 — Bmc Remedy_mid-tier: Remedy 9.1SP3 is affected by authenticated code execution.
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2017-17674 — Bmc Remedy_mid-tier: Due to the lack of restrictions on what can be targeted, the system can
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). CVSSv3.1 9.8 (CRITICAL) · EPSS 83th percentile
CVE-2020-21844 — Gnu Libredwg: The impact is: execute arbitrary code (remote).
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580. CVSSv3.1 8.8 (HIGH) · EPSS 72th percentile
CVE-2020-21843 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2020-21842 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2020-21831 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2020-21841 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. CVSSv3.1 8.8 (HIGH) · EPSS 69th percentile
CVE-2020-21840 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985. CVSSv3.1 8.8 (HIGH) · EPSS 69th percentile
CVE-2020-21838 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842. CVSSv3.1 8.8 (HIGH) · EPSS 69th percentile
CVE-2020-21836 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175. CVSSv3.1 8.8 (HIGH) · EPSS 63th percentile
CVE-2020-21833 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440. CVSSv3.1 8.8 (HIGH) · EPSS 70th percentile
CVE-2020-21832 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2020-21830 — Gnu Libredwg: A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2020-21819 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2020-21818 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2020-21816 — Gnu Libredwg: A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.
A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2020-21814 — Gnu Libredwg: A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97. CVSSv3.1 8.8 (HIGH) · EPSS 63th percentile
CVE-2021-29053 — Liferay Dxp: Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C. CVSSv3.1 8.8 (HIGH) · EPSS 64th percentile