Latest CVE Feed
-
9.0
HIGH CVE-2021-33534
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system command...
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-33533
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, ...
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-33532
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system ...
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-33531
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation o...
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-33530
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands ...
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-33529
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-33528
In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in s...
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-33527
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with th...
Affected Products : mbdialup
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-33526
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicious OpenVPN configuration resulting in arbitrary code execution with the pr...
Affected Products : mbdialup
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-33525
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
Affected Products : eyesofnetwork
- Published: May. 24, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33523
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploa...
Affected Products : mashzone_nextgen
- Published: Mar. 30, 2022
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2021-33516
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using t...
Affected Products : gupnp
- Published: May. 24, 2021
- Modified: Nov. 21, 2024
-
5.8
MEDIUM CVE-2021-33515
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
- Published: Jun. 28, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-33514
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-A...
Affected Products : gs724tp_firmware gs728tp_firmware gs728tpp_firmware gs752tpp_firmware gs752tp_firmware gs108t_firmware gs110tp_firmware gc108p_firmware gc108pp_firmware gs110tpp_firmware +24 more products
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-33513
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.
Affected Products : plone
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-33512
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.
Affected Products : plone
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
Affected Products : plone
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2021-33510
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
Affected Products : plone
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
9.9
CRITICAL CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
Affected Products : plone
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-33508
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.
Affected Products : plone
- Published: May. 21, 2021
- Modified: Nov. 21, 2024