| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27516 | — | Hig | 0.42 | 7.5 | 0.02 | Feb 22, 2021 | URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | |
| CVE-2021-27513 | Hig | 0.59 | 8.8 | 0.28 | Feb 22, 2021 | The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside." | ||
| CVE-2020-28248 | — | Hig | 0.50 | 8.8 | 0.02 | Feb 20, 2021 | An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file. | |
| CVE-2021-27509 | Hig | 0.49 | 7.5 | 0.01 | Feb 19, 2021 | In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. | ||
| CVE-2020-27997 | Hig | 0.57 | 8.8 | 0.01 | Feb 19, 2021 | An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account). | ||
| CVE-2020-24617 | Hig | 0.00 | 8.8 | 0.01 | Feb 19, 2021 | Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. | ||
| CVE-2020-12873 | Hig | 0.57 | 8.8 | 0.02 | Feb 19, 2021 | An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running… | ||
| CVE-2021-20588 | Hig | 0.49 | 7.5 | 0.06 | Feb 19, 2021 | Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions… | ||
| CVE-2021-20587 | Hig | 0.49 | 7.5 | 0.04 | Feb 19, 2021 | Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR… | ||
| CVE-2020-9050 | — | Hig | 0.49 | 7.5 | 0.02 | Feb 19, 2021 | Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. | |
| CVE-2020-25171 | Hig | 0.51 | 7.8 | 0.01 | Feb 19, 2021 | The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. | ||
| CVE-2021-23342 | — | Hig | 0.49 | 8.6 | 0.02 | Feb 19, 2021 | This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization… | |
| CVE-2021-21512 | Hig | 0.51 | 7.9 | 0.00 | Feb 19, 2021 | Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. | ||
| CVE-2020-13549 | Hig | 0.51 | 7.8 | 0.00 | Feb 19, 2021 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to… | ||
| CVE-2021-22703 | Hig | 0.49 | 7.5 | 0.01 | Feb 19, 2021 | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious… | ||
| CVE-2021-22702 | Hig | 0.49 | 7.5 | 0.01 | Feb 19, 2021 | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials… | ||
| CVE-2021-26296 | Hig | 0.42 | 7.5 | 0.03 | Feb 19, 2021 | In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although… | ||
| CVE-2020-36249 | Hig | 0.49 | 7.5 | 0.01 | Feb 19, 2021 | The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. | ||
| CVE-2020-10252 | Hig | 0.54 | 8.3 | 0.01 | Feb 19, 2021 | An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack. | ||
| CVE-2020-36247 | Hig | 0.50 | 8.8 | 0.00 | Feb 19, 2021 | Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. | ||
| CVE-2020-24908 | Hig | 0.51 | 7.8 | 0.00 | Feb 19, 2021 | Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. | ||
| CVE-2021-27405 | — | Hig | 0.00 | 7.5 | 0.02 | Feb 19, 2021 | A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js. | |
| CVE-2020-36246 | Hig | 0.44 | 7.8 | 0.00 | Feb 19, 2021 | Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | ||
| CVE-2020-19513 | Hig | 0.51 | 7.8 | 0.00 | Feb 19, 2021 | Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. | ||
| CVE-2021-26712 | Hig | 0.49 | 7.5 | 0.04 | Feb 18, 2021 | Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. | ||
| CVE-2021-26717 | Hig | 0.49 | 7.5 | 0.02 | Feb 18, 2021 | An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in… | ||
| CVE-2020-36233 | Hig | 0.51 | 7.8 | 0.00 | Feb 18, 2021 | The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | ||
| CVE-2021-27379 | Hig | 0.51 | 7.8 | 0.00 | Feb 18, 2021 | An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were… | ||
| CVE-2021-23341 | Hig | 0.42 | 7.5 | 0.03 | Feb 18, 2021 | The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. | ||
| CVE-2020-28499 | — | Hig | 0.41 | 7.3 | 0.01 | Feb 18, 2021 | All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . | |
| CVE-2020-28491 | — | Hig | 0.42 | 7.5 | 0.03 | Feb 18, 2021 | This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. | |
| CVE-2021-23340 | — | Hig | 0.39 | 7.1 | 0.01 | Feb 18, 2021 | This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this… | |
| CVE-2021-20443 | Hig | 0.57 | 8.8 | 0.01 | Feb 18, 2021 | IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619. | ||
| CVE-2021-20354 | Hig | 0.49 | 7.5 | 0.04 | Feb 18, 2021 | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. | ||
| CVE-2020-28496 | — | Hig | 0.00 | 7.5 | 0.03 | Feb 18, 2021 | This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time =… | |
| CVE-2020-29664 | Hig | 0.51 | 7.8 | 0.01 | Feb 18, 2021 | A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | ||
| CVE-2020-9306 | Hig | 0.57 | 8.8 | 0.01 | Feb 18, 2021 | Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | ||
| CVE-2020-12878 | Hig | 0.51 | 7.8 | 0.01 | Feb 18, 2021 | Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | ||
| CVE-2021-27138 | Hig | 0.00 | 7.8 | 0.01 | Feb 17, 2021 | The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. | ||
| CVE-2021-27097 | Hig | 0.00 | 7.8 | 0.01 | Feb 17, 2021 | The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. | ||
| CVE-2020-8625 | Hig | 0.58 | 8.1 | 0.64 | Feb 17, 2021 | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid… | ||
| CVE-2021-27374 | Hig | 0.49 | 7.5 | 0.01 | Feb 17, 2021 | VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation." | ||
| CVE-2021-26720 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE:… | ||
| CVE-2020-36245 | — | Hig | 0.50 | 8.8 | 0.02 | Feb 17, 2021 | GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network. | |
| CVE-2021-3396 | — | Hig | 0.00 | 8.8 | 0.02 | Feb 17, 2021 | OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions. | |
| CVE-2021-27367 | — | Hig | 0.00 | 7.5 | 0.02 | Feb 17, 2021 | Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. | |
| CVE-2021-26911 | Hig | 0.00 | 7.4 | 0.01 | Feb 17, 2021 | core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. | ||
| CVE-2020-13555 | Hig | 0.57 | 8.8 | 0.01 | Feb 17, 2021 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM… | ||
| CVE-2020-13553 | Hig | 0.57 | 8.8 | 0.01 | Feb 17, 2021 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to… | ||
| CVE-2020-13552 | Hig | 0.57 | 8.8 | 0.01 | Feb 17, 2021 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or… |
- risk 0.42cvss 7.5epss 0.02
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
- risk 0.59cvss 8.8epss 0.28
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."
- risk 0.50cvss 8.8epss 0.02
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
- risk 0.49cvss 7.5epss 0.01
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).
- risk 0.00cvss 8.8epss 0.01
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running…
- risk 0.49cvss 7.5epss 0.06
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions…
- risk 0.49cvss 7.5epss 0.04
Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR…
- risk 0.49cvss 7.5epss 0.02
Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.
- risk 0.51cvss 7.8epss 0.01
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
- risk 0.49cvss 8.6epss 0.02
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization…
- risk 0.51cvss 7.9epss 0.00
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.
- risk 0.51cvss 7.8epss 0.00
An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to…
- risk 0.49cvss 7.5epss 0.01
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious…
- risk 0.49cvss 7.5epss 0.01
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials…
- risk 0.42cvss 7.5epss 0.03
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although…
- risk 0.49cvss 7.5epss 0.01
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
- risk 0.54cvss 8.3epss 0.01
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
- risk 0.50cvss 8.8epss 0.00
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
- risk 0.51cvss 7.8epss 0.00
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
- risk 0.00cvss 7.5epss 0.02
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.
- risk 0.44cvss 7.8epss 0.00
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
- risk 0.51cvss 7.8epss 0.00
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.
- risk 0.49cvss 7.5epss 0.04
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in…
- risk 0.51cvss 7.8epss 0.00
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were…
- risk 0.42cvss 7.5epss 0.03
The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.
- risk 0.41cvss 7.3epss 0.01
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
- risk 0.42cvss 7.5epss 0.03
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
- risk 0.39cvss 7.1epss 0.01
This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this…
- risk 0.57cvss 8.8epss 0.01
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.
- risk 0.49cvss 7.5epss 0.04
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.
- risk 0.00cvss 7.5epss 0.03
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time =…
- risk 0.51cvss 7.8epss 0.01
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
- risk 0.57cvss 8.8epss 0.01
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
- risk 0.51cvss 7.8epss 0.01
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
- risk 0.00cvss 7.8epss 0.01
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
- risk 0.00cvss 7.8epss 0.01
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
- risk 0.58cvss 8.1epss 0.64
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid…
- risk 0.49cvss 7.5epss 0.01
VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation."
- risk 0.51cvss 7.8epss 0.00
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE:…
- risk 0.50cvss 8.8epss 0.02
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.
- risk 0.00cvss 8.8epss 0.02
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
- risk 0.00cvss 7.5epss 0.02
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
- risk 0.00cvss 7.4epss 0.01
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
- risk 0.57cvss 8.8epss 0.01
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM…
- risk 0.57cvss 8.8epss 0.01
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to…
- risk 0.57cvss 8.8epss 0.01
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or…