CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed� MODBUS register can be used to gain unauthorized information.

Source: CVE-2021-27424

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.

Source: CVE-2021-27422

CVE-2021-38772

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

Source: CVE-2021-38772

CVE-2022-26243

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.

Source: CVE-2022-26243

CVE-2021-38278

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.

Source: CVE-2021-38278

CVE-2021-46064

IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.

Source: CVE-2021-46064

CVE-2022-22316

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.

Source: CVE-2022-22316

CVE-2021-43737

An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account’s password.

Source: CVE-2021-43737

CVE-2021-44139

Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).

Source: CVE-2021-44139

CVE-2021-43735

CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.

Source: CVE-2021-43735