| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-35125 | — | Cri | 0.63 | 9.6 | 0.03 | Feb 9, 2021 | A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept). | |
| CVE-2021-21479 | — | Cri | 0.53 | 9.1 | 0.10 | Feb 9, 2021 | In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. | |
| CVE-2021-21477 | Cri | 0.67 | 9.9 | 0.30 | Feb 9, 2021 | SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code… | ||
| CVE-2020-14343 | — | Cri | 0.57 | 9.8 | 0.06 | Feb 9, 2021 | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process… | |
| CVE-2021-26937 | Cri | 0.64 | 9.8 | 0.09 | Feb 9, 2021 | encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | ||
| CVE-2020-28645 | Cri | 0.59 | 9.1 | 0.01 | Feb 9, 2021 | Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6. | ||
| CVE-2020-13117 | Cri | 0.69 | 9.8 | 0.69 | Feb 9, 2021 | Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request. | ||
| CVE-2019-17582 | Cri | 0.00 | 9.8 | 0.02 | Feb 9, 2021 | A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in… | ||
| CVE-2021-25140 | Cri | 0.65 | 9.8 | 0.12 | Feb 9, 2021 | A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500… | ||
| CVE-2021-25139 | Cri | 0.64 | 9.8 | 0.08 | Feb 9, 2021 | A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500… | ||
| CVE-2020-15798 | Cri | 0.64 | 9.8 | 0.05 | Feb 9, 2021 | A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150… | ||
| CVE-2021-21146 | Cri | 0.62 | 9.6 | 0.01 | Feb 9, 2021 | Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2021-21142 | Cri | 0.62 | 9.6 | 0.01 | Feb 9, 2021 | Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2021-21132 | Cri | 0.64 | 9.6 | 0.23 | Feb 9, 2021 | Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | ||
| CVE-2021-21124 | Cri | 0.63 | 9.6 | 0.08 | Feb 9, 2021 | Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2021-21121 | Cri | 0.63 | 9.6 | 0.06 | Feb 9, 2021 | Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2021-26918 | Cri | 0.64 | 9.8 | 0.03 | Feb 9, 2021 | The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as… | ||
| CVE-2021-25913 | — | Cri | 0.57 | 9.8 | 0.04 | Feb 8, 2021 | Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2021-22502 | Cri | 0.86 | 9.8 | 0.97 | KEV | Feb 8, 2021 | Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. | |
| CVE-2021-26530 | Cri | 0.59 | 9.1 | 0.01 | Feb 8, 2021 | The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||
| CVE-2021-26529 | Cri | 0.59 | 9.1 | 0.01 | Feb 8, 2021 | The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||
| CVE-2021-26528 | Cri | 0.59 | 9.1 | 0.01 | Feb 8, 2021 | The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||
| CVE-2020-7786 | — | Cri | 0.64 | 9.8 | 0.02 | Feb 8, 2021 | This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js. | |
| CVE-2020-7785 | — | Cri | 0.64 | 9.8 | 0.02 | Feb 8, 2021 | This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js. | |
| CVE-2020-7782 | — | Cri | 0.64 | 9.8 | 0.02 | Feb 8, 2021 | This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package. | |
| CVE-2021-26541 | — | Cri | 0.00 | 9.8 | 0.05 | Feb 8, 2021 | The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability. | |
| CVE-2020-6649 | Cri | 0.64 | 9.8 | 0.02 | Feb 8, 2021 | An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical… | ||
| CVE-2020-16629 | Cri | 0.64 | 9.8 | 0.01 | Feb 8, 2021 | PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | ||
| CVE-2020-26051 | Cri | 0.64 | 9.8 | 0.02 | Feb 8, 2021 | College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query. | ||
| CVE-2020-11920 | Cri | 0.64 | 9.8 | 0.04 | Feb 8, 2021 | An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device… | ||
| CVE-2021-26754 | Cri | 0.64 | 9.8 | 0.05 | Feb 8, 2021 | wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. | ||
| CVE-2021-3122 | Cri | 0.74 | 9.8 | 0.87 | Feb 7, 2021 | CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020… | ||
| CVE-2020-36242 | — | Cri | 0.53 | 9.1 | 0.07 | Feb 7, 2021 | In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | |
| CVE-2020-10857 | Cri | 0.64 | 9.8 | 0.03 | Feb 5, 2021 | Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution. | ||
| CVE-2021-3311 | — | Cri | 0.57 | 9.8 | 0.03 | Feb 5, 2021 | An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session… | |
| CVE-2021-20623 | Cri | 0.64 | 9.8 | 0.03 | Feb 5, 2021 | Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request. | ||
| CVE-2020-18717 | Cri | 0.64 | 9.8 | 0.04 | Feb 5, 2021 | SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | ||
| CVE-2020-18716 | Cri | 0.64 | 9.8 | 0.02 | Feb 5, 2021 | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. | ||
| CVE-2020-18714 | Cri | 0.64 | 9.8 | 0.01 | Feb 5, 2021 | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function. | ||
| CVE-2020-18713 | Cri | 0.64 | 9.8 | 0.02 | Feb 5, 2021 | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php | ||
| CVE-2020-10539 | Cri | 0.64 | 9.8 | 0.01 | Feb 5, 2021 | An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same… | ||
| CVE-2021-1295 | Cri | 0.64 | 9.8 | 0.04 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities… | ||
| CVE-2021-1294 | Cri | 0.64 | 9.8 | 0.04 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities… | ||
| CVE-2021-1293 | Cri | 0.64 | 9.8 | 0.05 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities… | ||
| CVE-2021-1292 | Cri | 0.64 | 9.8 | 0.04 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities… | ||
| CVE-2021-1291 | Cri | 0.64 | 9.8 | 0.04 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities… | ||
| CVE-2021-1290 | Cri | 0.64 | 9.8 | 0.04 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities… | ||
| CVE-2021-1289 | Cri | 0.64 | 9.8 | 0.04 | Feb 4, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities… | ||
| CVE-2020-14245 | Cri | 0.64 | 9.8 | 0.01 | Feb 4, 2021 | HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources. | ||
| CVE-2021-26689 | Cri | 0.64 | 9.8 | 0.01 | Feb 4, 2021 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021). |
- risk 0.63cvss 9.6epss 0.03
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
- risk 0.53cvss 9.1epss 0.10
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.
- risk 0.67cvss 9.9epss 0.30
SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code…
- risk 0.57cvss 9.8epss 0.06
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process…
- risk 0.64cvss 9.8epss 0.09
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
- risk 0.59cvss 9.1epss 0.01
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
- risk 0.69cvss 9.8epss 0.69
Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
- risk 0.00cvss 9.8epss 0.02
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in…
- risk 0.65cvss 9.8epss 0.12
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500…
- risk 0.64cvss 9.8epss 0.08
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500…
- risk 0.64cvss 9.8epss 0.05
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150…
- risk 0.62cvss 9.6epss 0.01
Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- risk 0.62cvss 9.6epss 0.01
Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- risk 0.64cvss 9.6epss 0.23
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
- risk 0.63cvss 9.6epss 0.08
Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- risk 0.63cvss 9.6epss 0.06
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- risk 0.64cvss 9.8epss 0.03
The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as…
- risk 0.57cvss 9.8epss 0.04
Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.
- risk 0.86cvss 9.8epss 0.97
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
- risk 0.59cvss 9.1epss 0.01
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
- risk 0.59cvss 9.1epss 0.01
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
- risk 0.59cvss 9.1epss 0.01
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
- risk 0.64cvss 9.8epss 0.02
This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js.
- risk 0.64cvss 9.8epss 0.02
This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.
- risk 0.64cvss 9.8epss 0.02
This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package.
- risk 0.00cvss 9.8epss 0.05
The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.
- risk 0.64cvss 9.8epss 0.02
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical…
- risk 0.64cvss 9.8epss 0.01
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.
- risk 0.64cvss 9.8epss 0.02
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device…
- risk 0.64cvss 9.8epss 0.05
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.
- risk 0.74cvss 9.8epss 0.87
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020…
- risk 0.53cvss 9.1epss 0.07
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
- risk 0.64cvss 9.8epss 0.03
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
- risk 0.57cvss 9.8epss 0.03
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session…
- risk 0.64cvss 9.8epss 0.03
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
- risk 0.64cvss 9.8epss 0.04
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
- risk 0.64cvss 9.8epss 0.02
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
- risk 0.64cvss 9.8epss 0.01
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
- risk 0.64cvss 9.8epss 0.02
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same…
- risk 0.64cvss 9.8epss 0.04
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities…
- risk 0.64cvss 9.8epss 0.04
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities…
- risk 0.64cvss 9.8epss 0.05
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities…
- risk 0.64cvss 9.8epss 0.04
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities…
- risk 0.64cvss 9.8epss 0.04
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities…
- risk 0.64cvss 9.8epss 0.04
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities…
- risk 0.64cvss 9.8epss 0.04
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities…
- risk 0.64cvss 9.8epss 0.01
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).