Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-26 | CVE-2021-34583 | Out-of-bounds Write vulnerability in Codesys Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 7.5 |
| 2021-10-26 | CVE-2021-34586 | NULL Pointer Dereference vulnerability in Codesys In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | 7.5 |
| 2021-10-26 | CVE-2021-34595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys Plcwinnt and Runtime Toolkit A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | 8.1 |
| 2021-10-26 | CVE-2021-41305 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. | 7.5 |
| 2021-10-26 | CVE-2021-41306 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. | 7.5 |
| 2021-10-26 | CVE-2021-41307 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. | 7.5 |
| 2021-10-25 | CVE-2021-38258 | Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.7.0 NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). | 7.8 |
| 2021-10-25 | CVE-2021-38260 | Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.7.0 NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). | 7.8 |
| 2021-10-25 | CVE-2021-39225 | Missing Authorization vulnerability in Nextcloud Deck Nextcloud is an open-source, self-hosted productivity platform. | 8.1 |
| 2021-10-25 | CVE-2021-41145 | Memory Leak vulnerability in Freeswitch FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. | 7.5 |