Pottr: Real time threats




CVE-2021-33621

Severity: HIGH

Base Score: 8.8
Last Modified: 2022/12/08 04:15:00

Description: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.


CVE-2021-4189

Severity: MEDIUM

Base Score: 5.3
Last Modified: 2022/12/08 03:57:00

Description: A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is that the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to the FTP client scanning ports, which otherwise would not have been possible.


CVE-2017-7605

Severity: HIGH

Base Score: 7.8
Last Modified: 2022/12/08 03:56:00

Description: aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.


CVE-2017-14438

Severity: HIGH

Base Score: 7.5
Last Modified: 2022/12/08 03:55:00

Description: Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.


CVE-2017-14439

Severity: HIGH

Base Score: 7.5
Last Modified: 2022/12/08 03:52:00

Description: Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability.