Skip to main content
CVE-2021-27132 CRITICAL POC THREAT Emergency

SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.7%.

Code Injection Agcombo Vd625 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
16.7%
Threat
4.0
CVE-2021-25281 CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
72.9%
CVE-2021-25282 CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
92.3%
CVE-2021-3197 CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
72.3%
CVE-2021-3148 CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-25283 CRITICAL PATCH Act Now

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
10.4%
CVE-2021-3151 MEDIUM POC This Month

i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-3144 CRITICAL PATCH Act Now

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
5.2%
CVE-2021-25284 MEDIUM PATCH This Month

An issue was discovered in through SaltStack Salt before 3002.5. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy