Search

Search Results (363139 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27448 1 Ge 2 Mu320e, Mu320e Firmware 2024-11-21 7.8 High
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
CVE-2021-27447 1 Mesalabs 1 Amegaview 2024-11-21 10 Critical
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.
CVE-2021-27445 1 Mesalabs 1 Amegaview 2024-11-21 7.8 High
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device.
CVE-2021-27440 1 Ge 2 Reason Dr60, Reason Dr60 Firmware 2024-11-21 9.8 Critical
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
CVE-2021-27438 1 Ge 2 Reason Dr60, Reason Dr60 Firmware 2024-11-21 8.8 High
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
CVE-2021-27437 1 Advantech 1 Wise-paas\/rmm 2024-11-21 9.1 Critical
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).
CVE-2021-27436 1 Advantech 1 Webaccess\/scada 2024-11-21 6.1 Medium
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
CVE-2021-27434 2 Microsoft, Unified-automation 2 .net Framework, .net Based Opc Ua Client\/server Sdk 2024-11-21 7.5 High
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
CVE-2021-27432 1 Opcfoundation 2 Ua-.net-legacy, Ua .net Standard Stack 2024-11-21 7.5 High
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
CVE-2021-27429 1 Ti 14 Cc3200, Cc3220r, Cc3220s and 11 more 2024-11-21 7.4 High
Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.
CVE-2021-27413 1 Omron 2 Cx-one, Cx-server 2024-11-21 7.8 High
Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
CVE-2021-27412 1 Deltaww 1 Dopsoft 2024-11-21 7.8 High
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
CVE-2021-27410 1 Hillrom 9 Connex Central Station, Connex Device Integration Suite Network Connectivity Engine, Connex Integrated Wall System and 6 more 2024-11-21 9.8 Critical
The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).
CVE-2021-27408 1 Hillrom 9 Connex Central Station, Connex Device Integration Suite Network Connectivity Engine, Connex Integrated Wall System and 6 more 2024-11-21 7.5 High
The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).
CVE-2021-27405 1 Scrapbox-parser Project 1 Scrapbox-parser 2024-11-21 7.5 High
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.
CVE-2021-27404 1 Asus 2 Askey Rtf8115vw, Askey Rtf8115vw Firmware 2024-11-21 6.1 Medium
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.
CVE-2021-27403 1 Asus 2 Askey Rtf8115vw, Askey Rtf8115vw Firmware 2024-11-21 6.1 Medium
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
CVE-2021-27402 1 Mitel 1 Micollab 2024-11-21 6.5 Medium
The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal.
CVE-2021-27401 1 Mitel 1 Micollab 2024-11-21 6.1 Medium
The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).
CVE-2021-27400 1 Hashicorp 1 Vault 2024-11-21 7.5 High
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1