CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-0430 In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional exe... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-4979 IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands. I... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-30128 Apache OFBiz has unsafe deserialization prior to 17.12.07 version | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27372 Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute a... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-31914 In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-31915 In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-29200 Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack | 9.8 | CRITICAL | — | 0 |
| CVE-2020-22001 HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote con... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-2135 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11995 A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserializatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27440 The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19107 SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10582 A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and mo... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19108 SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-3466 A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19109 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19110 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-3118 EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attack... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19111 Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27193 Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-30642 An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arb... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36381 An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19112 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0471 In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalat... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27573 An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19113 Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25042 Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound i... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19114 SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-30502 The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-31756 An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the syste... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25039 Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25038 Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unb... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-1459 A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-1627 MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-31726 Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0). | 9.8 | CRITICAL | — | 0 |
| CVE-2021-31757 An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system v... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25035 Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25034 Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7775 This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-31758 An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the syst... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25033 Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25032 Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unb... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-25668 A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (A... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36380 An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-30228 The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parame... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27480 Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-21783 A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HT... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-25669 A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (A... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35205 Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-30230 The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.