|
200661
|
6.8 |
MEDIUM
Physics
|
trendnet
|
tew-827dru_firmware
|
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead…
|
CWE-59
Link Following
|
CVE-2021-20153
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200662
|
6.5 |
MEDIUM
Network
|
trendnet
|
tew-827dru_firmware
|
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-20152
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200663
|
5.3 |
MEDIUM
Network
|
trendnet
|
tew-827dru_firmware
|
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-20150
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200664
|
9.8 |
CRITICAL
Network
|
trendnet
|
tew-827dru_firmware
|
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IP…
|
CWE-863
Incorrect Authorization
|
CVE-2021-20149
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200665
|
10.0 |
CRITICAL
Network
|
trendnet
|
tew-827dru_firmware
|
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying cl…
|
CWE-384
Session Fixation
|
CVE-2021-20151
|
2024-11-21 14:46 |
2021-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200666
|
7.2 |
HIGH
Network
|
redhat
|
jboss_enterprise_application_platform
|
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using…
|
-
|
CVE-2021-20318
|
2024-11-21 14:46 |
2021-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200667
|
7.5 |
HIGH
Network
|
mitsubishielectric
|
gx_works2
|
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Wo…
|
NVD-CWE-Other
|
CVE-2021-20608
|
2024-11-21 14:46 |
2021-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200668
|
5.5 |
MEDIUM
Local
|
mitsubishielectric
|
melsoft_navigator
gx_works2
ezsocket
|
Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2021-20607
|
2024-11-21 14:46 |
2021-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200669
|
5.5 |
MEDIUM
Local
|
mitsubishielectric
|
melsoft_navigator
gx_works2
ezsocket
|
Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5…
|
CWE-125
Out-of-bounds Read
|
CVE-2021-20606
|
2024-11-21 14:46 |
2021-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200670
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This…
|
CWE-20
Improper Input Validation
|
CVE-2021-20330
|
2024-11-21 14:46 |
2021-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
