Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-1293 1 Cisco 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more 2021-02-08 10.0 HIGH 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
CVE-2021-1289 1 Cisco 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more 2021-02-08 10.0 HIGH 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
CVE-2021-26687 1 Google 1 Android 2021-02-08 7.5 HIGH 9.8 CRITICAL
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).
CVE-2021-26688 2 Google, Lg 2 Android, Wing 2021-02-08 7.5 HIGH 9.8 CRITICAL
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).
CVE-2021-25274 1 Solarwinds 1 Orion Platform 2021-02-08 10.0 HIGH 9.8 CRITICAL
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in an insecure manner, allowing remote arbitrary code execution as LocalSystem.
CVE-2021-20016 1 Sonicwall 11 Sma 100, Sma 100 Firmware, Sma 200 and 8 more 2021-02-08 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password, and other session-related information. This vulnerability impacts SMA100 build version 10.x.
CVE-2020-15097 1 Loklak Project 1 Loklak 2021-02-08 6.4 MEDIUM 9.1 CRITICAL
loklak is an open-source server application which is able to collect messages from various sources, including Twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an Elasticsearch index. In loklak less than or equal to commit 5f48476, a path traversal vulnerability exists. Insufficient input validation in the APIs exposed by the loklak server allowed a directory traversal vulnerability. Any admin configuration and files readable by the app available on the hosted file system can be retrieved by the attacker. Furthermore, user-controlled content could be written to any admin config and files readable by the application. This has been patched in commit 50dd692. Users will need to upgrade their hosted instances of loklak to not be vulnerable to this exploit.
CVE-2020-12658 2 Debian, Gssproxy Project 2 Debian Linux, Gssproxy 2021-02-08 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem."
CVE-2017-16840 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2021-02-05 7.5 HIGH 9.8 CRITICAL
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
CVE-2020-18714 1 Rockoa 1 Rockoa 2021-02-05 7.5 HIGH 9.8 CRITICAL
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
CVE-2020-18716 1 Rockoa 1 Rockoa 2021-02-05 7.5 HIGH 9.8 CRITICAL
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
CVE-2020-18713 1 Rockoa 1 Rockoa 2021-02-05 7.5 HIGH 9.8 CRITICAL
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php.
CVE-2020-36109 1 Asus 2 Rt-ax86u, Rt-ax86u Firmware 2021-02-05 7.5 HIGH 9.8 CRITICAL
ASUS RT-AX86U router firmware below version 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.
CVE-2021-26689 1 Google 1 Android 2021-02-05 7.5 HIGH 9.8 CRITICAL
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).
CVE-2020-28194 1 Accel-ppp 1 Accel-ppp 2021-02-05 7.5 HIGH 9.8 CRITICAL
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute whose length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.
CVE-2019-20468 1 Tk-star 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware 2021-02-05 7.5 HIGH 9.8 CRITICAL
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
CVE-2020-35481 1 Solarwinds 1 Serv-u 2021-02-05 7.5 HIGH 9.8 CRITICAL
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
CVE-2020-28144 1 Moxa 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more 2021-02-05 7.5 HIGH 9.8 CRITICAL
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
CVE-2021-25770 1 Jetbrains 1 Youtrack 2021-02-05 7.5 HIGH 9.8 CRITICAL
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
CVE-2019-0036 1 Juniper 1 Junos 2021-02-05 7.5 HIGH 9.8 CRITICAL
When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3; 18.4 versions prior to 18.4R1-S1, 18.4R1-S2.
CVE-2020-26547 1 Monal 1 Monal 2021-02-05 5.0 MEDIUM 9.8 CRITICAL
Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim.
CVE-2020-35124 1 Acquia 1 Mautic 2021-02-05 6.8 MEDIUM 9.6 CRITICAL
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
CVE-2021-23330 1 Bitovi 1 Launchpad 2021-02-04 7.5 HIGH 9.8 CRITICAL
All versions of package launchpad are vulnerable to Command Injection via stop.
CVE-2021-3160 1 Aca 1 Assuweb 2021-02-04 7.5 HIGH 9.8 CRITICAL
Deserialization of untrusted data in the login page of the ASSUWEB 359.3 build 1 subcomponent of the ACA ASSUREX RENTES product allows a remote attacker to inject an insecure serialized Java object using a specially crafted HTTP request, resulting in unauthenticated remote code execution on the server.
CVE-2021-26305 1 Cdr Project 1 Cdr 2021-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.
CVE-2021-21278 1 Rsshub 1 Rsshub 2021-02-04 7.5 HIGH 9.8 CRITICAL
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues. The fix in version 7f1c430 is to temporarily remove the problematic route and add a `no-new-func` rule to eslint.
CVE-2020-20287 1 Yccms 1 Yccms 2021-02-04 7.5 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters triggers remote code execution.
CVE-2021-3331 1 Winscp 1 Winscp 2021-02-04 10.0 HIGH 9.8 CRITICAL
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
CVE-2020-15833 1 Mofinetwork 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware 2021-02-04 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
CVE-2020-28984 2 Debian, Spip 2 Debian Linux, Spip 2021-02-04 7.5 HIGH 9.8 CRITICAL
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
CVE-2013-2512 1 Ftpd Project 1 Ftpd 2021-02-04 10.0 HIGH 9.8 CRITICAL
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
CVE-2021-3188 1 Phplist 1 Phplist 2021-02-03 10.0 HIGH 9.8 CRITICAL
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
CVE-2021-3199 1 Onlyoffice 1 Document Server 2021-02-03 7.5 HIGH 9.8 CRITICAL
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.
CVE-2020-20289 1 Yccms 1 Yccms 2021-02-03 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters triggers a SQL injection vulnerability.
CVE-2020-21176 1 Thinkjs 1 Thinkjs 2021-02-03 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
CVE-2020-15835 1 Mofinetwork 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware 2021-02-03 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.
CVE-2020-13858 1 Mofinetwork 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware 2021-02-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations.
CVE-2020-15836 1 Mofinetwork 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware 2021-02-03 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.
CVE-2021-3193 1 Nagios 1 Nagios Xi 2021-02-03 7.5 HIGH 9.8 CRITICAL
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
CVE-2017-17480 3 Canonical, Debian, Uclouvain 3 Ubuntu Linux, Debian Linux, Openjpeg 2021-02-03 7.5 HIGH 9.8 CRITICAL
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2021-3304 1 Sagemcom 2 F@st 3686, F@st 3686 Firmware 2021-02-03 7.5 HIGH 9.8 CRITICAL
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.
CVE-2020-27297 1 Honeywell 1 Opc Ua Tunneller 2021-02-03 7.5 HIGH 9.8 CRITICAL
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-27299 1 Honeywell 1 Opc Ua Tunneller 2021-02-03 6.4 MEDIUM 9.1 CRITICAL
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-28998 1 Mygeeni 2 Gnc-cw013, Gnc-cw013 Firmware 2021-02-03 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password.
CVE-2020-25844 1 Panorama 1 Nhiservisignadapter 2021-02-03 7.5 HIGH 9.8 CRITICAL
The digest generation function of NHIServiSignAdapter does not verify the parameter's length, which leads to a stack overflow vulnerability. Remote attackers can exploit it to execute code without privilege.
CVE-2020-6779 1 Bosch 4 Fsm-2500, Fsm-2500 Firmware, Fsm-5000 and 1 more 2021-02-03 10.0 HIGH 10.0 CRITICAL
Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system.
CVE-2021-25900 1 Servo 1 Smallvec 2021-02-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
CVE-2020-27539 1 Company 2 Cs-c2shw, Cs-c2shw Firmware 2021-02-02 7.5 HIGH 9.8 CRITICAL
Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. The AgentUpdater service has a self-written HTTP parser and builder. The HTTP parser has a heap buffer overflow (OOB write). In the default configuration the camera parses responses only from HTTPS URLs from the config file, so the vulnerable code is unreachable and one more bug is required to reach it.
CVE-2020-27540 1 Company 2 Cs-c2shw, Cs-c2shw Firmware 2021-02-02 7.5 HIGH 9.8 CRITICAL
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads the firmware update configuration from the SD card file vc\version.json. The fw-sign parameter from this configuration is inserted directly into a bash command. A firmware update is run automatically if there is a special file on the inserted SD card.
CVE-2020-27583 1 Ibm 1 Infosphere Information Server 2021-02-02 7.5 HIGH 9.8 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.