CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40872
https://notcve.org/view.php?id=CVE-2021-40872
The server process may crash unexpectedly because of an invalid type cast, and must be restarted. • https://industrial.softing.com https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-40871
https://notcve.org/view.php?id=CVE-2021-40871
The client process may crash unexpectedly because of a wrong type cast, and must be restarted. • https://industrial.softing.com https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.9EPSS: 0%CPEs: 17EXPL: 0CVE-2021-31344
https://notcve.org/view.php?id=CVE-2021-31344
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004) Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (BACnet) (Todas las versiones), APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE MEC (PPC) (BACnet) (Todas las versiones), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3.5. 4), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), Capital VSTAR (Todas las versiones con opciones de Ethernet activadas), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC001-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22.1-E. D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC50-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02.4), Nucleus ReadyStart V4 (Todas las versiones anteriores a V4.1. 1), Nucleus Source Code (Todas las versiones), PLUSCONTROL 1st Gen (Todas las versiones), SIMOTICS CONNECT 400 (Todas las versiones anteriores a V0.5.0.0), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.4), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.4). Los paquetes de eco ICMP con opciones de IP falsas permiten enviar mensajes de respuesta de eco ICMP a hosts arbitrarios en la red. • https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf https://cert-portal.siemens.com/productcert/html/ssa-114589.html https://cert-portal.siemens.com/productcert/html/ssa-044112.html https://cert-portal.siemens.com/productcert/html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 6CVE-2021-23472 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23472
A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set. ... Una vulnerabilidad de confusión de tipos puede llevar a una evasión de la sanitización de la entrada cuando la entrada proporcionada a la función escapeHTML es un array (en lugar de una cadena) incluso si el atributo escape está establecido • https://github.com/wenzhixin/bootstrap-table/blob/develop/src/utils/index.js%23L218 https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1910690 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1910689 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBWENZHIXIN-1910687 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910688 https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 19%CPEs: 1EXPL: 2CVE-2021-23509 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23509
A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays. ... Una vulnerabilidad de confusión de tipo puede conllevar a una omisión de CVE-2020-7766 cuando las claves proporcionadas por el usuario usadas en el parámetro pointer son matrices • https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca https://github.com/flitbit/json-ptr/pull/42 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165 https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •