Latest CVE Feed
-
10.0
HIGH CVE-2021-37913
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the sy...
- Affected Products: oaklouds_portal
- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-37912
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the...
- Affected Products: oaklouds_portal
- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-37749
MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method....
- Affected Products: geomedia_webmap
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-37716
A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN S...
- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-37181
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All ve...
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-37022
There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause root permission which can be escalated....
- Affected Products: harmonyos
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-36567
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache....
- Affected Products: thinkphp
- Published: Dec. 06, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-36356
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this is...
- Affected Products: viaware
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-36287
Dell VNX2 for file version 8.1.21.266 and earlier contains an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system....
- Published: Apr. 08, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-36206
All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries....
- Affected Products: cevas
- Published: Oct. 28, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-35963
The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks....
- Affected Products: orca_hcm
- Published: Jul. 19, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-35965
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in....
- Affected Products: orca_hcm
- Published: Jul. 19, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-35961
Dr. ID Door Access Control and Personnel Attendance Management system uses hard-coded admin default credentials that allow remote attackers to access the system through the default password and obtain the highest permission....
- Affected Products: dr.id_access_control
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2023-2163
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape....
- Affected Products: linux_kernel
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-35464
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversio...
- Actively Exploited
- Published: Jul. 22, 2021
- Modified: Mar. 14, 2025
-
10.0
HIGH CVE-2021-35104
Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearabl...
- Affected Products: aqt1000_firmware qam8295p_firmware qca6390_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware +342 more products
- Published: Jun. 14, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg....
- Affected Products: viaware
- Published: Jul. 12, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-34795
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with...
- Affected Products: catalyst_pon_switch_cgp-ont-1p_firmware catalyst_pon_switch_cgp-ont-4p_firmware catalyst_pon_switch_cgp-ont-4pvc_firmware catalyst_pon_switch_cgp-ont-4tvcw_firmware catalyst_pon_switch_cgp-ont-4pv_firmware catalyst_pon_switch_cgp-ont-1p catalyst_pon_switch_cgp-ont-4p catalyst_pon_switch_cgp-ont-4pvc catalyst_pon_switch_cgp-ont-4tvcw catalyst_pon_switch_cgp-ont-4pv
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-34770
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code w...
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-34730
A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, ...
- Affected Products: application_extension_platform small_business_rv_series_router_firmware rv130w_wireless-n_multifunction_vpn_router_firmware rv215w_wireless-n_vpn_router_firmware rv110w_wireless-n_vpn_firewall_firmware rv130_vpn_router_firmware rv110w_wireless-n_vpn_firewall rv130_vpn_router rv130w_wireless-n_multifunction_vpn_router rv215w_wireless-n_vpn_router
- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024