Skip to main content
CVE-2021-43572 CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack Ecdsa Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-43571 CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Jwt Attack Ecdsa Node
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43570 CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Jwt Attack Ecdsa Java
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43569 CRITICAL POC PATCH Act Now

The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Ecdsa Dotnet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43568 CRITICAL POC Act Now

The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Elixir Ecdsa
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43466 CRITICAL POC PATCH Act Now

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Thymeleaf
NVD VulDB
CVSS 3.1
9.8
EPSS
3.9%
CVE-2021-40358 CRITICAL Act Now

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Simatic Pcs 7 Simatic Wincc
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2021-43200 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43193 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-43185 CRITICAL Act Now

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Youtrack
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-43183 CRITICAL Act Now

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hub
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-31886 CRITICAL Act Now

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Nucleus Net Nucleus Readystart V3 Nucleus Source Code Apogee Modular Building Controller Firmware +18
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-31884 CRITICAL Act Now

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Source Code +19
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-31890 CRITICAL Act Now

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Readystart V4 +7
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2021-31889 CRITICAL Act Now

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 +7
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2021-31346 CRITICAL Act Now

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Readystart V4 +7
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2021-31345 CRITICAL Act Now

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Source Code +6
NVD
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy