| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21143 | Hig | 0.57 | 8.8 | 0.01 | Feb 9, 2021 | Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | ||
| CVE-2020-4795 | Hig | 0.53 | 8.2 | 0.02 | Feb 9, 2021 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446. | ||
| CVE-2020-27261 | Hig | 0.58 | 8.8 | 0.08 | Feb 9, 2021 | The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | ||
| CVE-2020-27259 | Hig | 0.57 | 8.8 | 0.03 | Feb 9, 2021 | The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. | ||
| CVE-2020-27257 | Hig | 0.51 | 7.8 | 0.02 | Feb 9, 2021 | This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices. | ||
| CVE-2021-21138 | Hig | 0.56 | 8.6 | 0.01 | Feb 9, 2021 | Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file. | ||
| CVE-2021-21128 | Hig | 0.58 | 8.8 | 0.07 | Feb 9, 2021 | Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21127 | Hig | 0.58 | 8.8 | 0.06 | Feb 9, 2021 | Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension. | ||
| CVE-2021-21125 | Hig | 0.53 | 8.1 | 0.08 | Feb 9, 2021 | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | ||
| CVE-2021-21122 | Hig | 0.58 | 8.8 | 0.07 | Feb 9, 2021 | Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21120 | Hig | 0.58 | 8.8 | 0.07 | Feb 9, 2021 | Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21119 | Hig | 0.58 | 8.8 | 0.07 | Feb 9, 2021 | Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-21118 | Hig | 0.59 | 8.8 | 0.17 | Feb 9, 2021 | Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | ||
| CVE-2021-21117 | Hig | 0.51 | 7.8 | 0.00 | Feb 9, 2021 | Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file. | ||
| CVE-2020-16044 | Hig | 0.57 | 8.8 | 0.01 | Feb 9, 2021 | Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. | ||
| CVE-2020-13460 | Hig | 0.57 | 8.8 | 0.01 | Feb 9, 2021 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA. | ||
| CVE-2020-24685 | Hig | 0.56 | 8.6 | 0.02 | Feb 9, 2021 | An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart… | ||
| CVE-2021-26915 | Hig | 0.56 | 8.1 | 0.42 | Feb 8, 2021 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | ||
| CVE-2021-26914 | Hig | 0.62 | 8.1 | 0.78 | Feb 8, 2021 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | ||
| CVE-2021-26913 | Hig | 0.54 | 8.1 | 0.13 | Feb 8, 2021 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | ||
| CVE-2021-26912 | Hig | 0.56 | 8.1 | 0.41 | Feb 8, 2021 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | ||
| CVE-2021-26576 | Hig | 0.51 | 7.8 | 0.01 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function. | ||
| CVE-2021-26222 | Hig | 0.53 | 8.1 | 0.01 | Feb 8, 2021 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | ||
| CVE-2021-26221 | Hig | 0.53 | 8.1 | 0.01 | Feb 8, 2021 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | ||
| CVE-2021-26220 | Hig | 0.53 | 8.1 | 0.01 | Feb 8, 2021 | The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | ||
| CVE-2020-36152 | Hig | 0.57 | 8.8 | 0.02 | Feb 8, 2021 | Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. | ||
| CVE-2020-24944 | Hig | 0.49 | 7.5 | 0.01 | Feb 8, 2021 | picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3. | ||
| CVE-2021-26910 | Hig | 0.00 | 7.8 | 0.00 | Feb 8, 2021 | Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | ||
| CVE-2021-26577 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function. | ||
| CVE-2021-26575 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function. | ||
| CVE-2021-26574 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function. | ||
| CVE-2021-26573 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function. | ||
| CVE-2021-25172 | Hig | 0.51 | 7.8 | 0.01 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function. | ||
| CVE-2021-21305 | Hig | 0.42 | 7.4 | 0.13 | Feb 8, 2021 | CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation… | ||
| CVE-2021-21240 | Hig | 0.42 | 7.5 | 0.04 | Feb 8, 2021 | httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2… | ||
| CVE-2021-26572 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function. | ||
| CVE-2021-26571 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function. | ||
| CVE-2021-26570 | Hig | 0.51 | 7.8 | 0.01 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function. | ||
| CVE-2021-25171 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function. | ||
| CVE-2021-25170 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function. | ||
| CVE-2021-25169 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function. | ||
| CVE-2021-25168 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function. | ||
| CVE-2021-25837 | Hig | 0.49 | 7.5 | 0.02 | Feb 8, 2021 | Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although… | ||
| CVE-2021-25836 | Hig | 0.49 | 7.5 | 0.01 | Feb 8, 2021 | Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to… | ||
| CVE-2021-25835 | — | Hig | 0.00 | 7.5 | 0.01 | Feb 8, 2021 | Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with… | |
| CVE-2021-25834 | — | Hig | 0.42 | 7.5 | 0.01 | Feb 8, 2021 | Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application. | |
| CVE-2021-25142 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2021 | The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function. | ||
| CVE-2021-21304 | Hig | 0.40 | 7.2 | 0.02 | Feb 8, 2021 | Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for… | ||
| CVE-2021-26826 | Hig | 0.00 | 7.8 | 0.02 | Feb 8, 2021 | A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash. | ||
| CVE-2021-26825 | Hig | 0.00 | 7.8 | 0.02 | Feb 8, 2021 | An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width *… |
- risk 0.57cvss 8.8epss 0.01
Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
- risk 0.53cvss 8.2epss 0.02
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446.
- risk 0.58cvss 8.8epss 0.08
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
- risk 0.57cvss 8.8epss 0.03
The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.
- risk 0.51cvss 7.8epss 0.02
This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.
- risk 0.56cvss 8.6epss 0.01
Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.
- risk 0.58cvss 8.8epss 0.07
Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.58cvss 8.8epss 0.06
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.
- risk 0.53cvss 8.1epss 0.08
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
- risk 0.58cvss 8.8epss 0.07
Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.58cvss 8.8epss 0.07
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.58cvss 8.8epss 0.07
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- risk 0.59cvss 8.8epss 0.17
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
- risk 0.51cvss 7.8epss 0.00
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
- risk 0.57cvss 8.8epss 0.01
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
- risk 0.57cvss 8.8epss 0.01
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.
- risk 0.56cvss 8.6epss 0.02
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart…
- risk 0.56cvss 8.1epss 0.42
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.
- risk 0.62cvss 8.1epss 0.78
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
- risk 0.54cvss 8.1epss 0.13
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.
- risk 0.56cvss 8.1epss 0.41
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.
- risk 0.51cvss 7.8epss 0.01
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.
- risk 0.53cvss 8.1epss 0.01
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
- risk 0.53cvss 8.1epss 0.01
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
- risk 0.53cvss 8.1epss 0.01
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
- risk 0.57cvss 8.8epss 0.02
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
- risk 0.49cvss 7.5epss 0.01
picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3.
- risk 0.00cvss 7.8epss 0.00
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.
- risk 0.51cvss 7.8epss 0.01
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.
- risk 0.42cvss 7.4epss 0.13
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation…
- risk 0.42cvss 7.5epss 0.04
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2…
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
- risk 0.51cvss 7.8epss 0.01
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.
- risk 0.49cvss 7.5epss 0.02
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although…
- risk 0.49cvss 7.5epss 0.01
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to…
- risk 0.00cvss 7.5epss 0.01
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with…
- risk 0.42cvss 7.5epss 0.01
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.
- risk 0.51cvss 7.8epss 0.00
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.
- risk 0.40cvss 7.2epss 0.02
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for…
- risk 0.00cvss 7.8epss 0.02
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
- risk 0.00cvss 7.8epss 0.02
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width *…