Search

Search Results (365312 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-20658 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 9.8 Critical
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.
CVE-2021-20657 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 5.4 Medium
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.
CVE-2021-20656 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2024-11-21 4.3 Medium
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.
CVE-2021-20655 1 Soliton 1 Filezen 2024-11-21 7.2 High
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
CVE-2021-20654 1 Wekan Project 1 Wekan 2024-11-21 5.4 Medium
Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.
CVE-2021-20653 1 Nec 8 Csdj-a, Csdj-a Firmware, Csdj-b and 5 more 2024-11-21 5.3 Medium
Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.
CVE-2021-20652 1 Name Directory Project 1 Name Directory 2024-11-21 8.8 High
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2021-20651 1 Elecom 1 File Manager 2024-11-21 9.1 Critical
Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.
CVE-2021-20650 1 Elecom 2 Ncc-ewf100rmwh2, Ncc-ewf100rmwh2 Firmware 2024-11-21 6.5 Medium
Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
CVE-2021-20649 1 Elecom 2 Wrc-300febk-s, Wrc-300febk-s Firmware 2024-11-21 4.8 Medium
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.
CVE-2021-20648 1 Elecom 2 Wrc-300febk-s, Wrc-300febk-s Firmware 2024-11-21 6.8 Medium
ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
CVE-2021-20647 1 Elecom 2 Wrc-300febk-s, Wrc-300febk-s Firmware 2024-11-21 6.5 Medium
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
CVE-2021-20646 1 Elecom 2 Wrc-300febk-a, Wrc-300febk-a Firmware 2024-11-21 6.5 Medium
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
CVE-2021-20645 1 Elecom 2 Wrc-300febk-a, Wrc-300febk-a Firmware 2024-11-21 5.4 Medium
Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.
CVE-2021-20644 1 Elecom 2 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware 2024-11-21 6.1 Medium
ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.
CVE-2021-20643 1 Elecom 2 Ld-ps\/u1, Ld-ps\/u1 Firmware 2024-11-21 7.5 High
Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.
CVE-2021-20642 1 Logitech 2 Lan-w300n\/rs, Lan-w300n\/rs Firmware 2024-11-21 6.5 Medium
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
CVE-2021-20641 1 Logitech 2 Lan-w300n\/rs, Lan-w300n\/rs Firmware 2024-11-21 6.5 Medium
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
CVE-2021-20640 1 Logitech 2 Lan-w300n\/pgrb, Lan-w300n\/pgrb Firmware 2024-11-21 6.8 Medium
Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.
CVE-2021-20639 1 Logitech 2 Lan-w300n\/pgrb, Lan-w300n\/pgrb Firmware 2024-11-21 6.8 Medium
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.