CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2021-31757 787 Exec Code Overflow 2021-05-07 2021-05-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
302 CVE-2021-31756 787 Exec Code Overflow 2021-05-07 2021-05-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copied to the stack variable.
303 CVE-2021-31755 787 Exec Code Overflow 2021-05-07 2021-05-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
304 CVE-2021-31698 88 2021-08-12 2021-08-23
10.0
None Remote Low Not required Complete Complete Complete
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon.
305 CVE-2021-31630 78 Exec Code 2021-08-03 2021-08-12
9.0
None Remote Low ??? Complete Complete Complete
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
306 CVE-2021-31590 863 2021-07-19 2021-09-13
9.0
None Remote Low ??? Complete Complete Complete
PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a user's account is deleted, the user can still access the administration panel (and add or delete users) and has complete access to the system.
307 CVE-2021-31580 78 Bypass 2021-07-22 2021-08-09
10.0
None Remote Low Not required Complete Complete Complete
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
308 CVE-2021-31475 732 Exec Code 2021-05-21 2021-06-03
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF service configuration, which allows a critical resource to be accessed by unprivileged users. An attacker can leverage this vulnerability to execute code in the context of an administrator. Was ZDI-CAN-12007.
309 CVE-2021-31474 502 Exec Code 2021-05-21 2021-06-07
10.0
None Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.
310 CVE-2021-31372 20 2021-10-19 2021-10-25
9.0
None Remote Low ??? Complete Complete Complete
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2;
311 CVE-2021-31350 269 2021-10-19 2021-10-25
9.0
None Remote Low ??? Complete Complete Complete
An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO.
312 CVE-2021-31324 77 Exec Code 2021-05-18 2021-05-24
10.0
None Remote Low Not required Complete Complete Complete
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.
313 CVE-2021-31316 89 Sql 2021-05-18 2021-05-24
10.0
None Remote Low Not required Complete Complete Complete
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.
314 CVE-2021-31217 276 2021-07-13 2021-07-15
9.4
None Remote Low Not required None Complete Complete
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
315 CVE-2021-31214 77 Exec Code 2021-05-11 2021-05-21
9.3
None Remote Medium Not required Complete Complete Complete
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31211.
316 CVE-2021-30916 787 Exec Code Mem. Corr. 2021-08-24 2021-11-01
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
317 CVE-2021-30914 787 Exec Code Mem. Corr. 2021-08-24 2021-11-01
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1. An application may be able to execute arbitrary code with kernel privileges.
318 CVE-2021-30909 787 Exec Code Mem. Corr. 2021-08-24 2021-11-02
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges.
319 CVE-2021-30901 787 Exec Code 2021-08-24 2021-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
320 CVE-2021-30900 787 Exec Code 2021-08-24 2021-11-02
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.
321 CVE-2021-30894 787 Exec Code Mem. Corr. 2021-08-24 2021-11-02
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1. An application may be able to execute arbitrary code with kernel privileges.
322 CVE-2021-30886 416 Exec Code 2021-08-24 2021-11-01
9.3
None Remote Medium Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. An application may be able to execute arbitrary code with kernel privileges.
323 CVE-2021-30883 787 Exec Code Mem. Corr. 2021-08-24 2021-11-01
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
324 CVE-2021-30869 843 Exec Code 2021-08-24 2021-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
325 CVE-2021-30865 125 Exec Code 2021-08-24 2021-11-01
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges.
326 CVE-2021-30859 843 Exec Code 2021-08-24 2021-11-01
9.3
None Remote Medium Not required Complete Complete Complete
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges.
327 CVE-2021-30838 Exec Code Mem. Corr. 2021-10-19 2021-11-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine.
328 CVE-2021-30837 Exec Code 2021-10-19 2021-11-04
9.3
None Remote Medium Not required Complete Complete Complete
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kernel privileges.
329 CVE-2021-30830 787 Exec Code Mem. Corr. 2021-10-19 2021-10-22
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.
330 CVE-2021-30824 787 Exec Code Mem. Corr. 2021-10-28 2021-11-02
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
331 CVE-2021-30821 Exec Code Mem. Corr. 2021-10-28 2021-11-02
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
332 CVE-2021-30807 Exec Code Mem. Corr. 2021-10-19 2021-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
333 CVE-2021-30805 787 Exec Code Mem. Corr. 2021-09-08 2021-09-16
10.0
None Remote Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.
334 CVE-2021-30799 787 Exec Code Mem. Corr. 2021-09-08 2021-09-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.
335 CVE-2021-30795 416 Exec Code 2021-09-08 2021-09-16
9.3
None Remote Medium Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.
336 CVE-2021-30793 Exec Code 2021-09-08 2021-09-15
10.0
None Remote Low Not required Complete Complete Complete
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.
337 CVE-2021-30780 787 +Priv 2021-09-08 2021-09-17
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges.
338 CVE-2021-30777 74 +Priv 2021-09-08 2021-09-17
9.3
None Remote Medium Not required Complete Complete Complete
An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.
339 CVE-2021-30774 +Priv 2021-09-08 2021-09-15
9.3
None Remote Medium Not required Complete Complete Complete
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges.
340 CVE-2021-30772 269 +Priv 2021-09-08 2021-09-15
9.3
None Remote Medium Not required Complete Complete Complete
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges.
341 CVE-2021-30766 787 Exec Code 2021-09-08 2021-09-16
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.
342 CVE-2021-30765 787 Exec Code 2021-09-08 2021-09-16
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.
343 CVE-2021-30748 787 Exec Code Mem. Corr. 2021-09-08 2021-09-22
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges.
344 CVE-2021-30740 Exec Code 2021-09-08 2021-09-22
9.3
None Remote Medium Not required Complete Complete Complete
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to execute arbitrary code with kernel privileges.
345 CVE-2021-30736 120 Exec Code Overflow 2021-09-08 2021-09-22
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges.
346 CVE-2021-30735 787 Exec Code 2021-09-08 2021-09-22
9.3
None Remote Medium Not required Complete Complete Complete
A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.
347 CVE-2021-30728 787 Exec Code 2021-09-08 2021-09-22
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.
348 CVE-2021-30726 787 Exec Code 2021-09-08 2021-09-22
9.3
None Remote Medium Not required Complete Complete Complete
A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.
349 CVE-2021-30681 20 +Priv 2021-09-08 2021-09-20
9.3
None Remote Medium Not required Complete Complete Complete
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to gain root privileges.
350 CVE-2021-30672 787 +Priv Mem. Corr. 2021-09-08 2021-09-16
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.