CVE-2021-40612
- An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker to perform command execution without echoes.
Published:
December 22, 2021; 8:15:07 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-45418
- Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0.
Published:
December 22, 2021; 11:15:08 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-44733
- A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
Published:
December 22, 2021; 12:15:09 PM -0500
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-45419
- Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9.
Published:
December 22, 2021; 12:15:09 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-37706
- PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attri...
Published:
December 22, 2021; 1:15:07 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 9.3 HIGH
CVE-2021-43804
- PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's leng...
Published:
December 22, 2021; 1:15:07 PM -0500
CVE-2021-21880
- A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request t...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-21881
- An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated H...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.9 CRITICAL
V2.0: 9.0 HIGH
CVE-2021-21882
- An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP r...
Published:
December 22, 2021; 2:15:09 PM -0500
CVE-2021-21883
- An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticate...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.9 CRITICAL
V2.0: 9.0 HIGH
CVE-2021-21884
- An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 9.0 HIGH
CVE-2021-21885
- A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to tr...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-21886
- A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP reque...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-21887
- A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authe...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.5 MEDIUM
CVE-2021-21888
- An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make ...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 9.0 HIGH
CVE-2021-21889
- A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated H...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.9 CRITICAL
V2.0: 6.5 MEDIUM
CVE-2021-21890
- A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of th...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.5 MEDIUM
CVE-2021-21891
- A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of th...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.5 MEDIUM
CVE-2021-21892
- A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authentica...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.9 CRITICAL
V2.0: 6.5 MEDIUM
CVE-2021-21894
- A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can mak...
Published:
December 22, 2021; 2:15:09 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.5 MEDIUM