Latest CVE Feed
- 10.0 HIGH CVE-2021-32967
  Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.
  Affected Products: diaenergie
  - Published: Aug. 30, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2020-11264
  Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon C...
  Affected Products: aqt1000_firmware qca6390_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware +242 more products
  - Published: Sep. 08, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2020-14119
  There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom version < 1.1.12...
  - Published: Sep. 16, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-34727
  A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device proc...
  Affected Products: sd-wan ios_xe_sd-wan asr_1001 asr_1002 asr_1002-x asr_1004 asr_1006 asr_1013 1100-4g\/6g_integrated_services_router 1100-4p_integrated_services_router +40 more products
  - Published: Sep. 23, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-41301
  ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in au...
  - Published: Sep. 30, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-41290
  ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary c...
  - Published: Sep. 30, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-42071
  In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
  - Published: Oct. 07, 2021
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-38454
  A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
  Affected Products: mxview
  - Published: Oct. 12, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-29644
  Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the ...
  Affected Products: windows it_operations_director job_management_partner_1\/it_desktop_management-manager job_management_partner_1\/it_desktop_management_2-manager job_management_partner_1\/remote_control_agent job_management_partner_1\/software_distribution_client job_management_partner_1\/software_distribution_manager jp1\/it_desktop_management-manager jp1\/it_desktop_management_2-manager jp1\/it_desktop_management_2-operations_director +5 more products
  - Published: Oct. 12, 2021
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-23449
  This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
  Affected Products: vm2
  - Published: Oct. 18, 2021
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-31384
  Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative in...
  - Published: Oct. 19, 2021
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-41873
  Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a ...
  - Published: Oct. 26, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-1138
  Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the De...
  - Published: Jan. 20, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-1975
  Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Sna...
  Affected Products: qca6390_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware +350 more products
  - Published: Nov. 12, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-30321
  Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity...
  Affected Products: aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wcn3998_firmware wcn6850_firmware wcn6851_firmware +36 more products
  - Published: Nov. 12, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2017-6972
  AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
  - Published: Mar. 22, 2017
  - Modified: Apr. 20, 2025
- 10.0 HIGH CVE-2021-33268
  D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request.
  - Published: Dec. 01, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-33271
  D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
  - Published: Dec. 01, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-26777
  Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.
  - Published: Dec. 02, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-43033
  An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) bei...
  Affected Products: unitrends_backup
  - Published: Dec. 06, 2021
  - Modified: Nov. 21, 2024