CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-30167 The manage users profile services of the network camera device allows authenticated remote attackers to modify URL parameters and further amend user's information and escalate privileges to contr... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30168 The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator's credential and further control the devices. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30169 The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user's credential. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-1526 A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in W... | 7.8 | HIGH | β | 0 |
| CVE-2021-1527 A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vul... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-1528 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected softw... | 7.8 | HIGH | β | 0 |
| CVE-2021-1536 A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authent... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-1537 A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder i... | 6.2 | MEDIUM | β | 0 |
| CVE-2021-1538 A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to ... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1539 Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI comma... | 8.1 | HIGH | β | 0 |
| CVE-2021-1540 Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI comma... | 8.1 | HIGH | β | 0 |
| CVE-2021-1544 A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe ... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-1563 Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticat... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-1564 Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticat... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-30506 Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a priv... | 8.8 | HIGH | β | 0 |
| CVE-2021-30507 Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTM... | 8.8 | HIGH | β | 0 |
| CVE-2021-30508 Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a c... | 8.8 | HIGH | β | 0 |
| CVE-2021-30509 Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafte... | 8.8 | HIGH | β | 0 |
| CVE-2021-30510 Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30511 Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted... | 8.1 | HIGH | β | 0 |
| CVE-2021-30512 Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag... | 8.8 | HIGH | β | 0 |
| CVE-2021-30513 Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30514 Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2020-18265 Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member". | 8.8 | HIGH | β | 0 |
| CVE-2021-30515 Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30516 Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag... | 8.8 | HIGH | β | 0 |
| CVE-2021-30517 Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30518 Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30519 Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTM... | 8.8 | HIGH | β | 0 |
| CVE-2020-12293 Improper control of a resource through its lifetime in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-30520 Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML ... | 8.8 | HIGH | β | 0 |
| CVE-2020-29321 The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and ... | 7.5 | HIGH | β | 0 |
| CVE-2020-29322 The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and ... | 7.5 | HIGH | β | 0 |
| CVE-2020-29323 The D-Link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to ... | 7.5 | HIGH | β | 0 |
| CVE-2020-29324 The D-Link Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmwa... | 7.5 | HIGH | β | 0 |
| CVE-2021-29500 bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly veri... | 7.5 | HIGH | β | 0 |
| CVE-2020-12294 Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-26928 BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurati... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-31249 A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple ... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-31250 Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.c... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-31251 An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by s... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31252 An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a speciall... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-19473 An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an uncaught floating point exception. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-32641 auth0-lock is Auth0's signin solution. Versions of auth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` ... | 8.1 | HIGH | β | 0 |
| CVE-2021-31701 Mintty before 3.4.7 mishandles Bracketed Paste Mode. | 7.5 | HIGH | β | 0 |
| CVE-2021-32198 EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTe... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33880 The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An a... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-33881 On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends ... | 4.2 | MEDIUM | β | 0 |
| CVE-2020-12295 Improper input validation in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-33879 Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package... | 8.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.