Skip to main content
CVE-2021-28672 CRITICAL Act Now

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Phaser 6510 Firmware Workcentre 6515 Firmware Versalink B400 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-28671 CRITICAL Act Now

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phaser 6510 Firmware Workcentre 6515 Firmware Versalink B400 Firmware Versalink B405 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-27274 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear RCE File Upload Prosafe Network Management System
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-28673 CRITICAL Act Now

Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phaser 6510 Firmware Workcentre 6515 Firmware Versalink B400 Firmware Versalink B405 Firmware +19
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-28668 CRITICAL PATCH Act Now

Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Altalink B8045 Firmware Altalink B8055 Firmware Altalink B8065 Firmware Altalink B8075 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-26714 CRITICAL Act Now

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Micontact Center Enterprise
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-29417 CRITICAL PATCH Act Now

gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Gitjacker
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-28670 CRITICAL PATCH Act Now

Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Altalink B8045 Firmware Altalink B8055 Firmware Altalink B8065 Firmware Altalink B8075 Firmware +6
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy