| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-23543 | — | Cri | 0.64 | 9.8 | 0.02 | Jan 10, 2022 | All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. | |
| CVE-2021-46067 | Cri | 0.64 | 9.8 | 0.05 | Jan 6, 2022 | In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. | ||
| CVE-2021-45456 | — | Cri | 0.00 | 9.8 | 0.89 | Jan 6, 2022 | Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal… | |
| CVE-2021-31522 | — | Cri | 0.00 | 9.8 | 0.03 | Jan 6, 2022 | Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | |
| CVE-2022-22704 | Cri | 0.64 | 9.8 | 0.01 | Jan 6, 2022 | The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. | ||
| CVE-2021-41842 | Cri | 0.64 | 9.8 | 0.02 | Jan 6, 2022 | An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check. | ||
| CVE-2021-43779 | Cri | 0.01 | 9.9 | 0.09 | Jan 5, 2022 | GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command… | ||
| CVE-2022-21644 | Cri | 0.00 | 9.1 | 0.01 | Jan 4, 2022 | USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site… | ||
| CVE-2022-21643 | Cri | 0.00 | 10.0 | 0.01 | Jan 4, 2022 | USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users… | ||
| CVE-2021-43832 | Cri | 0.65 | 10.0 | 0.03 | Jan 4, 2022 | Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users… | ||
| CVE-2021-24042 | Cri | 0.64 | 9.8 | 0.01 | Jan 4, 2022 | The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have… | ||
| CVE-2022-0086 | — | Cri | 0.57 | 9.8 | 0.01 | Jan 4, 2022 | uppy is vulnerable to Server-Side Request Forgery (SSRF) | |
| CVE-2021-45389 | Cri | 0.64 | 9.8 | 0.01 | Jan 4, 2022 | A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864. | ||
| CVE-2021-43711 | Cri | 0.67 | 9.8 | 0.38 | Jan 4, 2022 | The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. | ||
| CVE-2021-40525 | — | Cri | 0.59 | 9.1 | 0.04 | Jan 4, 2022 | Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and… | |
| CVE-2021-39990 | Cri | 0.64 | 9.8 | 0.01 | Jan 3, 2022 | The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience. | ||
| CVE-2021-39982 | Cri | 0.59 | 9.1 | 0.01 | Jan 3, 2022 | Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications. | ||
| CVE-2021-39979 | Cri | 0.64 | 9.8 | 0.01 | Jan 3, 2022 | HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity. | ||
| CVE-2021-37128 | Cri | 0.64 | 9.8 | 0.01 | Jan 3, 2022 | HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file. | ||
| CVE-2021-37121 | Cri | 0.64 | 9.8 | 0.01 | Jan 3, 2022 | There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission. | ||
| CVE-2021-37120 | Cri | 0.64 | 9.8 | 0.01 | Jan 3, 2022 | There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation. | ||
| CVE-2021-37116 | Cri | 0.59 | 9.1 | 0.01 | Jan 3, 2022 | PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed. | ||
| CVE-2021-45428 | Cri | 0.71 | 9.8 | 0.57 | Jan 3, 2022 | TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. | ||
| CVE-2021-30351 | Cri | 0.64 | 9.8 | 0.04 | Jan 3, 2022 | An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &… | ||
| CVE-2021-30276 | Cri | 0.60 | 9.3 | 0.00 | Jan 3, 2022 | Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking | ||
| CVE-2021-30275 | Cri | 0.60 | 9.3 | 0.00 | Jan 3, 2022 | Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired… | ||
| CVE-2021-25981 | Cri | 0.00 | 9.8 | 0.02 | Jan 3, 2022 | In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin… | ||
| CVE-2022-0080 | Cri | 0.00 | 9.8 | 0.01 | Jan 2, 2022 | mruby is vulnerable to Heap-based Buffer Overflow | ||
| CVE-2021-45957 | Cri | 0.64 | 9.8 | 0.02 | Jan 1, 2022 | Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. | ||
| CVE-2021-45956 | Cri | 0.64 | 9.8 | 0.03 | Jan 1, 2022 | Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. | ||
| CVE-2021-45955 | Cri | 0.64 | 9.8 | 0.03 | Jan 1, 2022 | Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not… | ||
| CVE-2021-45954 | Cri | 0.64 | 9.8 | 0.03 | Jan 1, 2022 | Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. | ||
| CVE-2021-45953 | Cri | 0.64 | 9.8 | 0.03 | Jan 1, 2022 | Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. | ||
| CVE-2021-45952 | Cri | 0.64 | 9.8 | 0.03 | Jan 1, 2022 | Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. | ||
| CVE-2021-45951 | Cri | 0.64 | 9.8 | 0.03 | Jan 1, 2022 | Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge. | ||
| CVE-2021-20158 | Cri | 0.65 | 9.8 | 0.11 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command. | ||
| CVE-2021-20155 | Cri | 0.64 | 9.8 | 0.02 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678". | ||
| CVE-2021-20151 | Cri | 0.65 | 10.0 | 0.02 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a… | ||
| CVE-2021-20149 | Cri | 0.64 | 9.8 | 0.01 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via… | ||
| CVE-2021-45427 | Cri | 0.65 | 9.8 | 0.19 | Dec 30, 2021 | Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. | ||
| CVE-2020-7883 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2021 | Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | ||
| CVE-2020-7878 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2021 | An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check. | ||
| CVE-2020-22057 | Cri | 0.59 | 9.1 | 0.01 | Dec 28, 2021 | The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data. | ||
| CVE-2021-45814 | Cri | 0.67 | 9.8 | 0.06 | Dec 28, 2021 | Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. | ||
| CVE-2021-37401 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2021 | An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | ||
| CVE-2021-37400 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2021 | An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | ||
| CVE-2019-20082 | Cri | 0.64 | 9.8 | 0.02 | Dec 28, 2021 | ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp. | ||
| CVE-2020-21238 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2021 | An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | ||
| CVE-2020-21237 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2021 | An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks. | ||
| CVE-2020-20944 | Cri | 0.59 | 9.1 | 0.02 | Dec 27, 2021 | An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files. |
- risk 0.64cvss 9.8epss 0.02
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.
- risk 0.64cvss 9.8epss 0.05
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.
- risk 0.00cvss 9.8epss 0.89
Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal…
- risk 0.00cvss 9.8epss 0.03
Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
- risk 0.64cvss 9.8epss 0.01
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.
- risk 0.01cvss 9.9epss 0.09
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command…
- risk 0.00cvss 9.1epss 0.01
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site…
- risk 0.00cvss 10.0epss 0.01
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users…
- risk 0.65cvss 10.0epss 0.03
Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users…
- risk 0.64cvss 9.8epss 0.01
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have…
- risk 0.57cvss 9.8epss 0.01
uppy is vulnerable to Server-Side Request Forgery (SSRF)
- risk 0.64cvss 9.8epss 0.01
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
- risk 0.67cvss 9.8epss 0.38
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
- risk 0.59cvss 9.1epss 0.04
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and…
- risk 0.64cvss 9.8epss 0.01
The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience.
- risk 0.59cvss 9.1epss 0.01
Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications.
- risk 0.64cvss 9.8epss 0.01
HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity.
- risk 0.64cvss 9.8epss 0.01
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file.
- risk 0.64cvss 9.8epss 0.01
There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.
- risk 0.64cvss 9.8epss 0.01
There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.
- risk 0.59cvss 9.1epss 0.01
PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed.
- risk 0.71cvss 9.8epss 0.57
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
- risk 0.64cvss 9.8epss 0.04
An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…
- risk 0.60cvss 9.3epss 0.00
Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking
- risk 0.60cvss 9.3epss 0.00
Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired…
- risk 0.00cvss 9.8epss 0.02
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin…
- risk 0.00cvss 9.8epss 0.01
mruby is vulnerable to Heap-based Buffer Overflow
- risk 0.64cvss 9.8epss 0.02
Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
- risk 0.64cvss 9.8epss 0.03
Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
- risk 0.64cvss 9.8epss 0.03
Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not…
- risk 0.64cvss 9.8epss 0.03
Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
- risk 0.64cvss 9.8epss 0.03
Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
- risk 0.64cvss 9.8epss 0.03
Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
- risk 0.64cvss 9.8epss 0.03
Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
- risk 0.65cvss 9.8epss 0.11
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.
- risk 0.64cvss 9.8epss 0.02
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678".
- risk 0.65cvss 10.0epss 0.02
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a…
- risk 0.64cvss 9.8epss 0.01
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via…
- risk 0.65cvss 9.8epss 0.19
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.
- risk 0.64cvss 9.8epss 0.01
Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.
- risk 0.64cvss 9.8epss 0.01
An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.
- risk 0.59cvss 9.1epss 0.01
The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data.
- risk 0.67cvss 9.8epss 0.06
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
- risk 0.64cvss 9.8epss 0.01
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
- risk 0.64cvss 9.8epss 0.01
An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
- risk 0.64cvss 9.8epss 0.02
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.
- risk 0.64cvss 9.8epss 0.01
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
- risk 0.64cvss 9.8epss 0.01
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.
- risk 0.59cvss 9.1epss 0.02
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.