| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32769 | Hig | 0.42 | 7.5 | 0.02 | Jul 16, 2021 | Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs… | ||
| CVE-2021-35962 | Hig | 0.49 | 7.5 | 0.02 | Jul 16, 2021 | Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission. | ||
| CVE-2021-28053 | Hig | 0.57 | 8.8 | 0.02 | Jul 16, 2021 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters. | ||
| CVE-2021-3649 | Hig | 0.00 | 7.5 | 0.01 | Jul 16, 2021 | chatwoot is vulnerable to Inefficient Regular Expression Complexity | ||
| CVE-2021-1422 | Hig | 0.50 | 7.7 | 0.01 | Jul 16, 2021 | A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an… | ||
| CVE-2021-21819 | Hig | 0.47 | 7.2 | 0.03 | Jul 16, 2021 | A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||
| CVE-2021-21818 | Hig | 0.49 | 7.5 | 0.02 | Jul 16, 2021 | A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability. | ||
| CVE-2021-21817 | Hig | 0.49 | 7.5 | 0.02 | Jul 16, 2021 | An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this… | ||
| CVE-2021-32764 | Hig | 0.53 | 8.1 | 0.01 | Jul 15, 2021 | Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy.… | ||
| CVE-2021-36753 | — | Hig | 0.44 | 7.8 | 0.00 | Jul 15, 2021 | sharkdp BAT before 0.18.2 executes less.exe from the current working directory. | |
| CVE-2021-0286 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and… | ||
| CVE-2021-0285 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading… | ||
| CVE-2021-0283 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can… | ||
| CVE-2021-0282 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create… | ||
| CVE-2021-0280 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS… | ||
| CVE-2021-0279 | Hig | 0.56 | 8.6 | 0.01 | Jul 15, 2021 | Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to… | ||
| CVE-2021-0278 | Hig | 0.57 | 8.8 | 0.01 | Jul 15, 2021 | An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4… | ||
| CVE-2021-0277 | Hig | 0.57 | 8.8 | 0.01 | Jul 15, 2021 | An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution… | ||
| CVE-2020-11634 | Hig | 0.51 | 7.8 | 0.00 | Jul 15, 2021 | The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context. | ||
| CVE-2020-11632 | Hig | 0.51 | 7.8 | 0.00 | Jul 15, 2021 | The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | ||
| CVE-2021-32770 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the… | ||
| CVE-2021-34830 | Hig | 0.57 | 8.8 | 0.02 | Jul 15, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header.… | ||
| CVE-2021-34829 | Hig | 0.57 | 8.8 | 0.02 | Jul 15, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP… | ||
| CVE-2021-34828 | Hig | 0.57 | 8.8 | 0.02 | Jul 15, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP… | ||
| CVE-2021-34827 | Hig | 0.57 | 8.8 | 0.02 | Jul 15, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP… | ||
| CVE-2021-29742 | Hig | 0.52 | 8.0 | 0.00 | Jul 15, 2021 | IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. | ||
| CVE-2021-20533 | Hig | 0.47 | 7.2 | 0.02 | Jul 15, 2021 | IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 | ||
| CVE-2021-20497 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 | ||
| CVE-2021-3043 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud… | ||
| CVE-2021-3042 | Hig | 0.51 | 7.8 | 0.00 | Jul 15, 2021 | A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file… | ||
| CVE-2021-21586 | Hig | 0.53 | 8.1 | 0.04 | Jul 15, 2021 | Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. | ||
| CVE-2021-32743 | Hig | 0.57 | 8.8 | 0.02 | Jul 15, 2021 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require… | ||
| CVE-2021-29725 | Hig | 0.49 | 7.5 | 0.03 | Jul 15, 2021 | IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. | ||
| CVE-2021-20439 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | ||
| CVE-2020-12734 | Hig | 0.53 | 8.1 | 0.01 | Jul 15, 2021 | DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings. | ||
| CVE-2020-12733 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | ||
| CVE-2021-32739 | Hig | 0.57 | 8.8 | 0.01 | Jul 15, 2021 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API… | ||
| CVE-2020-25736 | Hig | 0.54 | 7.8 | 0.02 | Jul 15, 2021 | Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | ||
| CVE-2020-15495 | Hig | 0.51 | 7.8 | 0.00 | Jul 15, 2021 | Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. | ||
| CVE-2020-12731 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. | ||
| CVE-2021-34692 | Hig | 0.51 | 7.8 | 0.00 | Jul 15, 2021 | iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges. | ||
| CVE-2021-34691 | Hig | 0.49 | 7.5 | 0.01 | Jul 15, 2021 | iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. | ||
| CVE-2020-15496 | Hig | 0.51 | 7.8 | 0.00 | Jul 15, 2021 | Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | ||
| CVE-2021-33505 | Hig | 0.00 | 7.8 | 0.00 | Jul 15, 2021 | A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1. | ||
| CVE-2021-31999 | Hig | 0.57 | 8.8 | 0.01 | Jul 15, 2021 | A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher… | ||
| CVE-2021-25318 | Hig | 0.57 | 8.8 | 0.01 | Jul 15, 2021 | A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16. | ||
| CVE-2020-36420 | Hig | 0.42 | 7.5 | 0.02 | Jul 15, 2021 | Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||
| CVE-2020-29157 | Hig | 0.51 | 7.8 | 0.00 | Jul 14, 2021 | An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted. | ||
| CVE-2021-34173 | Hig | 0.49 | 7.5 | 0.01 | Jul 14, 2021 | An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover. | ||
| CVE-2021-34529 | Hig | 0.51 | 7.8 | 0.04 | Jul 14, 2021 | Visual Studio Code Remote Code Execution Vulnerability |
- risk 0.42cvss 7.5epss 0.02
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs…
- risk 0.49cvss 7.5epss 0.02
Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
- risk 0.00cvss 7.5epss 0.01
chatwoot is vulnerable to Inefficient Regular Expression Complexity
- risk 0.50cvss 7.7epss 0.01
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an…
- risk 0.47cvss 7.2epss 0.03
A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
- risk 0.49cvss 7.5epss 0.02
A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability.
- risk 0.49cvss 7.5epss 0.02
An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this…
- risk 0.53cvss 8.1epss 0.01
Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy.…
- risk 0.44cvss 7.8epss 0.00
sharkdp BAT before 0.18.2 executes less.exe from the current working directory.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and…
- risk 0.49cvss 7.5epss 0.01
An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading…
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can…
- risk 0.49cvss 7.5epss 0.01
On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create…
- risk 0.49cvss 7.5epss 0.01
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS…
- risk 0.56cvss 8.6epss 0.01
Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to…
- risk 0.57cvss 8.8epss 0.01
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4…
- risk 0.57cvss 8.8epss 0.01
An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution…
- risk 0.51cvss 7.8epss 0.00
The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context.
- risk 0.51cvss 7.8epss 0.00
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
- risk 0.49cvss 7.5epss 0.01
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the…
- risk 0.57cvss 8.8epss 0.02
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header.…
- risk 0.57cvss 8.8epss 0.02
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP…
- risk 0.57cvss 8.8epss 0.02
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP…
- risk 0.57cvss 8.8epss 0.02
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP…
- risk 0.52cvss 8.0epss 0.00
IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.
- risk 0.47cvss 7.2epss 0.02
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813
- risk 0.49cvss 7.5epss 0.01
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969
- risk 0.49cvss 7.5epss 0.01
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud…
- risk 0.51cvss 7.8epss 0.00
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file…
- risk 0.53cvss 8.1epss 0.04
Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.
- risk 0.57cvss 8.8epss 0.02
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require…
- risk 0.49cvss 7.5epss 0.03
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
- risk 0.49cvss 7.5epss 0.01
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
- risk 0.53cvss 8.1epss 0.01
DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings.
- risk 0.49cvss 7.5epss 0.01
Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account.
- risk 0.57cvss 8.8epss 0.01
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API…
- risk 0.54cvss 7.8epss 0.02
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.
- risk 0.51cvss 7.8epss 0.00
Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration.
- risk 0.49cvss 7.5epss 0.01
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.
- risk 0.51cvss 7.8epss 0.00
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.
- risk 0.49cvss 7.5epss 0.01
iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port.
- risk 0.51cvss 7.8epss 0.00
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.
- risk 0.00cvss 7.8epss 0.00
A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1.
- risk 0.57cvss 8.8epss 0.01
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher…
- risk 0.57cvss 8.8epss 0.01
A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16.
- risk 0.42cvss 7.5epss 0.02
Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- risk 0.51cvss 7.8epss 0.00
An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.
- risk 0.49cvss 7.5epss 0.01
An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover.
- risk 0.51cvss 7.8epss 0.04
Visual Studio Code Remote Code Execution Vulnerability