
629 matches found

OSV
added 2021/04/28 10:15 a.m. | 3 views

CVE-2021-30167

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices...

9.8 CVSS | 7.3 AI score | 0.02443 EPSS
Exploits: 0 | References: 4
NVD
added 2021/04/28 10:15 a.m. | 12 views

CVE-2021-30168

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices...

9.8 CVSS | 0.02133 EPSS
Exploits: 0 | References: 4
Prion
added 2021/04/28 10:15 a.m. | 17 views

Information disclosure

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices...

9 CVSS | 9.4 AI score | 0.02443 EPSS
Exploits: 0 | References: 4 | Affected Software: 41
CVE
added 2021/04/28 9:30 a.m. | 41 views

CVE-2021-30168

CVE-2021-30168 affects Merit Lilin ENT Co. IP cameras (P2/Z2/Z3). The root cause is an information-disclosure vulnerability that allows a remote attacker to improperly obtain/grant administrator credentials and take control of the device. Public reports describe sensitive data exposure and unaut...

9.8 CVSS | 9.5 AI score | 0.02133 EPSS
In wild | Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2021/04/28 9:30 a.m. | 18 views

CVE-2021-30167 MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Broken Authentication

The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices...

9.8 CVSS | 9.7 AI score | 0.02443 EPSS
Exploits: 0 | References: 4
NVD
added 2021/04/22 8:15 p.m. | 12 views

CVE-2021-0275

A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session, thereby gaining access to the user's session. The other user's session must be active for the attack to succeed. Once successful, the attacker has the same privileges as...

9.3 CVSS | 0.01171 EPSS
Exploits: 0 | References: 1
Cvelist
added 2021/04/22 7:37 p.m. | 18 views

CVE-2021-0275 Junos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another users session.

A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session, thereby gaining access to the user's session. The other user's session must be active for the attack to succeed. Once successful, the attacker has the same privileges as...

8.8 CVSS | 8.4 AI score | 0.01171 EPSS
Exploits: 0 | References: 1
HackRead
added 2021/04/18 6:19 p.m. | 51 views

WhatsApp Pink is malware spreading through group chats

By Habiba Rashid. If installed, the fake and malicious WhatsApp Pink app takes full control of a targeted device.

0.7 AI score
Exploits: 0
OSV
added 2021/04/08 11:15 a.m. | 3 views

CVE-2021-28685

AsIO264.sys and AsIO232.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process and to interact with MSR registers. This cou...

7.8 CVSS | 5.8 AI score | 0.00316 EPSS
Exploits: 0 | References: 2
OSV
added 2021/03/10 7:15 p.m. | 4 views

CVE-2020-35231

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device...

8.8 CVSS | 5.8 AI score | 0.01069 EPSS
Exploits: 0 | References: 1
OSV
added 2021/03/02 10:15 p.m. | 3 views

CVE-2020-12527

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions...

6.5 CVSS | 5.8 AI score | 0.01006 EPSS
Exploits: 0 | References: 2
CNNVD
added 2021/02/23 12:00 a.m. | 8 views

Advantech BB-ESWGP506-2SFP-T Trust Management Issue Vulnerability

The Advantech BB-ESWGP506-2SFP-T is an application from CHAAdvantech that provides an intelligent electric bus management system. A hard-coded vulnerability in the Advantech BB-ESWGP506-2SFP-T allows remote attackers to exploit the vulnerability to submit a special request, gain unauthorized acce...

10 CVSS | 7.3 AI score | 0.03612 EPSS
Exploits: 0 | References: 5
CNVD
added 2021/02/05 12:00 a.m. | 8 views

QNAP Systems Helpdesk Access Control Error Vulnerability

Qnap Systems QNAP Systems Helpdesk is a helpdesk application from China Wizlink Qnap Systems. An Access Control Error vulnerability exists in QNAP Systems Helpdesk versions prior to 3.0.3, which arises from improper access control and can be exploited by an attacker to gain control of a QNAP devi...

9.8 CVSS | 7 AI score | 0.01982 EPSS
Exploits: 0 | References: 1
CNVD
added 2021/02/05 12:00 a.m. | 10 views

QNAP Systems Helpdesk Access Control Error Vulnerability (CNVD-2021-14803)

Qnap Systems QNAP Systems Helpdesk is a helpdesk application from China Wizlink Qnap Systems. An Access Control Error vulnerability exists in QNAP Systems Inc. Helpdesk versions prior to 3.0.3, which arises from improper access control and can be exploited by an attacker to gain control of a QNAP...

9.8 CVSS | 7 AI score | 0.03042 EPSS
Exploits: 0 | References: 1
CVE
added 2021/01/26 1:22 a.m. | 42 views

CVE-2020-28998

Geeni GNC-CW013 doorbell (firmware 1.8.1) is affected by CVE-2020-28998 due to a Telnet service vulnerability in which a system account uses a default/static password, enabling remote full control by an unauthenticated attacker. The issue is confirmed across multiple sources; the core root cause ...

10 CVSS | 9.3 AI score | 0.02844 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
ICS
added 2020/12/08 12:00 a.m. | 104 views

Siemens LOGO! 8 BM

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! 8 BM Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently...

10 CVSS | 8.2 AI score | 0.01372 EPSS
Exploits: 0 | References: 9
Carbon Black Blog
added 2020/11/30 5:00 p.m. | 31 views

VMware Carbon Black Cloud Adds Device Control

With most organizations now working remotely, the chances your employees may unintentionally use restricted devices and infect your network has grown exponentially. With this threat in mind, we’re happy to announce the release today of device control in the VMware Carbon Black Cloud. Although the...

1.6 AI score
Exploits: 0
CVE
added 2020/11/02 4:51 p.m. | 38 views

CVE-2018-17932

CVE-2018-17932 affects JUUKO K-800 (JUUKO Industrial Radio Remote Control). Affected firmware versions prior to the ending formats …9A, …9B, …9C are vulnerable to a replay attack and command forgery (authentication bypass by capture-replay). This could allow attackers to replay commands, view com...

10 CVSS | 9.3 AI score | 0.01489 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/11/02 4:51 p.m. | 22 views

CVE-2018-17932

JUUKO K-800 firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc. are vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running...

9.5 AI score | 0.01489 EPSS
Exploits: 0 | References: 1
OSV
added 2020/10/16 9:15 p.m. | 3 views

CVE-2020-1664

A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17....

7.8 CVSS | 7.6 AI score | 0.00407 EPSS
Exploits: 0 | References: 1