| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13551 | Hig | 0.57 | 8.8 | 0.00 | Feb 17, 2021 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM… | ||
| CVE-2020-13550 | Hig | 0.50 | 7.7 | 0.03 | Feb 17, 2021 | A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. | ||
| CVE-2021-1366 | Hig | 0.51 | 7.8 | 0.01 | Feb 17, 2021 | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the… | ||
| CVE-2021-27224 | Hig | 0.52 | 7.5 | 0.38 | Feb 17, 2021 | The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code. | ||
| CVE-2021-25780 | Hig | 0.47 | 7.2 | 0.02 | Feb 17, 2021 | An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell. | ||
| CVE-2020-36003 | Hig | 0.49 | 7.5 | 0.01 | Feb 17, 2021 | The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases. | ||
| CVE-2020-36002 | Hig | 0.49 | 7.5 | 0.02 | Feb 17, 2021 | Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. | ||
| CVE-2021-22854 | Hig | 0.49 | 7.5 | 0.02 | Feb 17, 2021 | The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege. | ||
| CVE-2021-0109 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-8678 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||
| CVE-2020-7849 | Hig | 0.52 | 8.0 | 0.01 | Feb 17, 2021 | A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL. | ||
| CVE-2020-7848 | Hig | 0.52 | 8.0 | 0.01 | Feb 17, 2021 | The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value. | ||
| CVE-2020-24485 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-24482 | Hig | 0.49 | 7.5 | 0.01 | Feb 17, 2021 | Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow unauthenticated user to potentially enable denial of service via network access. | ||
| CVE-2020-24481 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-24462 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||
| CVE-2020-24453 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||
| CVE-2020-24451 | Hig | 0.47 | 7.3 | 0.00 | Feb 17, 2021 | Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-24450 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-12385 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-12384 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||
| CVE-2020-12380 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-12377 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-12369 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-12368 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access. | ||
| CVE-2020-12367 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access. | ||
| CVE-2020-12366 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access. | ||
| CVE-2020-12362 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. | ||
| CVE-2020-12339 | Hig | 0.57 | 8.8 | 0.01 | Feb 17, 2021 | Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | ||
| CVE-2020-0544 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2020-0521 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2021-22858 | Hig | 0.57 | 8.8 | 0.01 | Feb 17, 2021 | Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. | ||
| CVE-2021-22857 | Hig | 0.49 | 7.5 | 0.02 | Feb 17, 2021 | The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily. | ||
| CVE-2021-20655 | Hig | 0.47 | 7.2 | 0.04 | Feb 17, 2021 | FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2021-26934 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2021 | An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. | ||
| CVE-2021-26930 | Hig | 0.00 | 7.8 | 0.00 | Feb 17, 2021 | An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be… | ||
| CVE-2021-27102 | Hig | 0.69 | 7.8 | 0.04 | KEV | Feb 16, 2021 | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | |
| CVE-2021-20075 | Hig | 0.51 | 7.8 | 0.00 | Feb 16, 2021 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. | ||
| CVE-2021-20074 | Hig | 0.57 | 8.8 | 0.01 | Feb 16, 2021 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. | ||
| CVE-2021-20073 | Hig | 0.57 | 8.8 | 0.00 | Feb 16, 2021 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. | ||
| CVE-2021-20072 | Hig | 0.47 | 7.2 | 0.01 | Feb 16, 2021 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. | ||
| CVE-2020-11635 | Hig | 0.51 | 7.8 | 0.00 | Feb 16, 2021 | The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | ||
| CVE-2021-23840 | Hig | 0.46 | 7.5 | 0.51 | Feb 16, 2021 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will… | ||
| CVE-2021-21315 | Hig | 0.12 | 7.1 | 0.90 | KEV | Feb 16, 2021 | The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was… | |
| CVE-2021-20987 | Hig | 0.56 | 8.6 | 0.01 | Feb 16, 2021 | A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery. | ||
| CVE-2021-20986 | Hig | 0.49 | 7.5 | 0.01 | Feb 16, 2021 | A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication. | ||
| CVE-2020-35567 | Hig | 0.51 | 7.8 | 0.00 | Feb 16, 2021 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances. | ||
| CVE-2020-35564 | Hig | 0.49 | 7.5 | 0.01 | Feb 16, 2021 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code. | ||
| CVE-2020-35558 | Hig | 0.49 | 7.5 | 0.01 | Feb 16, 2021 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials. | ||
| CVE-2021-27232 | Hig | 0.57 | 8.8 | 0.02 | Feb 16, 2021 | The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a… |
- risk 0.57cvss 8.8epss 0.00
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM…
- risk 0.50cvss 7.7epss 0.03
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.
- risk 0.51cvss 7.8epss 0.01
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the…
- risk 0.52cvss 7.5epss 0.38
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.
- risk 0.47cvss 7.2epss 0.02
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
- risk 0.49cvss 7.5epss 0.01
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
- risk 0.49cvss 7.5epss 0.02
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information.
- risk 0.49cvss 7.5epss 0.02
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.
- risk 0.51cvss 7.8epss 0.00
Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.
- risk 0.52cvss 8.0epss 0.01
A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.
- risk 0.52cvss 8.0epss 0.01
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.
- risk 0.51cvss 7.8epss 0.00
Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.49cvss 7.5epss 0.01
Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow unauthenticated user to potentially enable denial of service via network access.
- risk 0.51cvss 7.8epss 0.00
Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access.
- risk 0.47cvss 7.3epss 0.00
Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
- risk 0.57cvss 8.8epss 0.01
Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
- risk 0.51cvss 7.8epss 0.00
Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.57cvss 8.8epss 0.01
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.
- risk 0.49cvss 7.5epss 0.02
The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.
- risk 0.47cvss 7.2epss 0.04
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.
- risk 0.00cvss 7.8epss 0.00
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be…
- risk 0.69cvss 7.8epss 0.04
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
- risk 0.51cvss 7.8epss 0.00
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.
- risk 0.57cvss 8.8epss 0.01
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.
- risk 0.57cvss 8.8epss 0.00
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.
- risk 0.47cvss 7.2epss 0.01
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.
- risk 0.51cvss 7.8epss 0.00
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
- risk 0.46cvss 7.5epss 0.51
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will…
- risk 0.12cvss 7.1epss 0.90
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was…
- risk 0.56cvss 8.6epss 0.01
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.
- risk 0.49cvss 7.5epss 0.01
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
- risk 0.57cvss 8.8epss 0.02
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a…