CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-30168 The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator's credential and further control the devices. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30167 The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user's information and escalate privileges to contr... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-29417 gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-28300 NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a maliciou... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-2136 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-2135 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-23274 The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an un... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27389 A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25669 A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (A... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25218 Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25668 A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (A... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-24240 The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vuln... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26714 The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29592 An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables th... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27707 Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27705 Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQO... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35860 An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35858 An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25010 An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25004 An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10210 Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through S... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25002 An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35926 An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7561 A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, de... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35902 An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-23899 OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35795 Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CB... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-1914 A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35797 NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25848 HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35846 Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25839 NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35847 Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35876 An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25196 The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35873 An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35872 An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10207 Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35870 An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35869 An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35868 An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35867 An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35866 An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35863 An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interfac... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35862 An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-20300 SQL injection vulnerability in the wp_where function in WeiPHP 5.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7775 This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11974 In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35131 Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON dat... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28212 A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized c... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.