2021-06-11
2021-06-11 16:15Z
CRIT

CVE-2021-22763 — Schneider-electric Powerlogic_pm5560_firmware: A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-22763

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device. CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile

CWECWE 640VNDSchneider ElectricVNDCweTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-06-10
2021-06-10 15:15Z
HIGH

CVE-2021-31659 — Tp-link Tl-sg2005_firmware: 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF).

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-31659

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with. CVSSv3.1 8.8 (HIGH) · EPSS 44th percentile

CWECWE 352VNDTp LinkVNDLinkTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-06-10
2021-06-10 15:15Z
HIGH

CVE-2021-31658 — Tp-link Tl-sg2005_firmware: TL-SG2005, TL-SG2008, etc.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-31658

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased. CVSSv3.1 8.1 (HIGH) · EPSS 60th percentile

CWECWE 129VNDTp LinkVNDLinkTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2021-05-28
2021-05-28 16:15Z
CRIT

CVE-2020-15782 — Siemens Simatic_driver_controller_firmware: Affected devices are vulnerable to a memory protection bypass through a specific operation.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-15782

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software C CVSSv3.1 9.8 (CRITICAL) · EPSS 53th percentile

CWECWE 119VNDSiemensTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-05-26
2021-05-26 12:15Z
HIGH

CVE-2020-26678 — Vfairs Vfairs: 3.3 is affected by Remote Code Execution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-26678

vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution. CVSSv3.1 8.8 (HIGH) · EPSS 80th percentile

CWECWE 434VNDVfairsTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2021-05-26
2021-05-26 12:15Z
HIGH

CVE-2020-26677 — Vfairs Vfairs: Any user logged in to a vFairs 3.3 virtual conference or event can perform

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-26677

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. CVSSv3.1 8.8 (HIGH) · EPSS 60th percentile

CWECWE 89VNDVfairsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-25
2021-05-25 19:15Z
MED

CVE-2021-27562 — Trustedfirmware Trusted_firmware-m: In Arm Trusted Firmware M through 1.2, the NS world may trigger a system

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-27562in the wild

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. CVSSv3.1 5.5 (MEDIUM) · EPSS 98th percentile

CWECWE 787VNDArmVNDTrustedfirmwareTYPVulnerabilitySTAitw exploited
5.5
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2021-05-19
2021-05-19 14:15Z
HIGH

CVE-2017-17677 — Bmc Remedy_mid-tier: Remedy 9.1SP3 is affected by authenticated code execution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-17677

BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile

CWECWE 732VNDBmcTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-19
2021-05-19 14:15Z
CRIT

CVE-2017-17674 — Bmc Remedy_mid-tier: Due to the lack of restrictions on what can be targeted, the system can

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-17674

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). CVSSv3.1 9.8 (CRITICAL) · EPSS 83th percentile

CWECWE 918VNDBmcTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2021-05-17
2021-05-17 22:15Z
HIGH

CVE-2020-21844 — Gnu Libredwg: The impact is: execute arbitrary code (remote).

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21844

GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580. CVSSv3.1 8.8 (HIGH) · EPSS 72th percentile

VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 22:15Z
HIGH

CVE-2020-21843 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21843

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 22:15Z
HIGH

CVE-2020-21842 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21842

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 22:15Z
HIGH

CVE-2020-21831 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21831

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 21:15Z
HIGH

CVE-2020-21841 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21841

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. CVSSv3.1 8.8 (HIGH) · EPSS 69th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 21:15Z
HIGH

CVE-2020-21840 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21840

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985. CVSSv3.1 8.8 (HIGH) · EPSS 69th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 21:15Z
HIGH

CVE-2020-21838 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21838

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842. CVSSv3.1 8.8 (HIGH) · EPSS 69th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 21:15Z
HIGH

CVE-2020-21836 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21836

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175. CVSSv3.1 8.8 (HIGH) · EPSS 63th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 21:15Z
HIGH

CVE-2020-21833 — Gnu Libredwg: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21833

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440. CVSSv3.1 8.8 (HIGH) · EPSS 70th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 21:15Z
HIGH

CVE-2020-21832 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21832

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 21:15Z
HIGH

CVE-2020-21830 — Gnu Libredwg: A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21830

A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 19:15Z
HIGH

CVE-2020-21819 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21819

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 19:15Z
HIGH

CVE-2020-21818 — Gnu Libredwg: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21818

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 19:15Z
HIGH

CVE-2020-21816 — Gnu Libredwg: A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21816

A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 19:15Z
HIGH

CVE-2020-21814 — Gnu Libredwg: A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21814

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97. CVSSv3.1 8.8 (HIGH) · EPSS 63th percentile

CWECWE 787VNDGnuTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-05-17
2021-05-17 11:15Z
HIGH

CVE-2021-29053 — Liferay Dxp: Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-29053

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C. CVSSv3.1 8.8 (HIGH) · EPSS 64th percentile

CWECWE 89VNDLiferayTYPVulnerability
8.8
CVSS v3.1
94
Edit Score