Search Results (363061 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-30169 1 Meritlilin 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more 2024-11-21 5.3 Medium
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.
CVE-2021-30168 1 Meritlilin 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more 2024-11-21 9.8 Critical
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.
CVE-2021-30167 1 Meritlilin 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more 2024-11-21 9.8 Critical
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.
CVE-2021-30166 1 Meritlilin 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more 2024-11-21 7.2 High
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.
CVE-2021-30165 1 Edimax 2 Ic-3140w, Ic-3140w Firmware 2024-11-21 7.5 High
The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.
CVE-2021-30164 2 Debian, Redmine 2 Debian Linux, Redmine 2024-11-21 9.8 Critical
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
CVE-2021-30163 2 Debian, Redmine 2 Debian Linux, Redmine 2024-11-21 7.5 High
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
CVE-2021-30162 1 Google 1 Android 2024-11-21 7.1 High
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).
CVE-2021-30161 1 Google 1 Android 2024-11-21 5.5 Medium
An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021).
CVE-2021-30159 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2024-11-21 4.3 Medium
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.
CVE-2021-30158 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2024-11-21 5.3 Medium
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.
CVE-2021-30157 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2024-11-21 6.1 Medium
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.
CVE-2021-30156 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2024-11-21 4.3 Medium
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.
CVE-2021-30155 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2024-11-21 4.3 Medium
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.
CVE-2021-30154 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2024-11-21 6.1 Medium
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.
CVE-2021-30152 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2024-11-21 4.3 Medium
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.
CVE-2021-30151 3 Contribsys, Debian, Redhat 3 Sidekiq, Debian Linux, Satellite 2024-11-21 6.1 Medium
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
CVE-2021-30150 1 Ocproducts 1 Composr 2024-11-21 6.1 Medium
Composr 10.0.36 allows XSS in an XML script.
CVE-2021-30149 1 Ocproducts 1 Composr 2024-11-21 9.8 Critical
Composr 10.0.36 allows upload and execution of PHP files.
CVE-2021-30147 1 Dmasoftlab 1 Radius Manager 2024-11-21 8.8 High
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.