| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6083 | Hig | 0.49 | 7.5 | 0.04 | Oct 14, 2020 | An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can… | ||
| CVE-2020-25188 | Hig | 0.51 | 7.8 | 0.02 | Oct 14, 2020 | An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). | ||
| CVE-2019-2194 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2020 | In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2020-7330 | Hig | 0.49 | 7.5 | 0.00 | Oct 14, 2020 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | ||
| CVE-2020-12928 | Hig | 0.51 | 7.8 | 0.01 | Oct 13, 2020 | A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. | ||
| CVE-2020-25645 | Hig | 0.49 | 7.5 | 0.02 | Oct 13, 2020 | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic… | ||
| CVE-2018-20243 | Hig | 0.49 | 7.5 | 0.03 | Oct 13, 2020 | The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629. | ||
| CVE-2020-15251 | Hig | 0.00 | 7.7 | 0.01 | Oct 13, 2020 | In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected.… | ||
| CVE-2020-17417 | Hig | 0.51 | 7.8 | 0.09 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | ||
| CVE-2020-17416 | Hig | 0.51 | 7.8 | 0.09 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | ||
| CVE-2020-17415 | Hig | 0.51 | 7.8 | 0.02 | Oct 13, 2020 | This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw… | ||
| CVE-2020-17414 | Hig | 0.51 | 7.8 | 0.02 | Oct 13, 2020 | This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists… | ||
| CVE-2020-17413 | Hig | 0.51 | 7.8 | 0.04 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | ||
| CVE-2020-17412 | Hig | 0.51 | 7.8 | 0.04 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | ||
| CVE-2020-17410 | Hig | 0.51 | 7.8 | 0.09 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | ||
| CVE-2020-17406 | Hig | 0.58 | 8.8 | 0.05 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to… | ||
| CVE-2020-16124 | Hig | 0.00 | 7.3 | 0.01 | Oct 13, 2020 | Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions.… | ||
| CVE-2020-7743 | — | Hig | 0.41 | 7.3 | 0.04 | Oct 13, 2020 | The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | |
| CVE-2020-15012 | Hig | 0.56 | 8.6 | 0.03 | Oct 12, 2020 | A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to). | ||
| CVE-2020-26546 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2020 | An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||
| CVE-2020-25825 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2020 | In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. | ||
| CVE-2020-9123 | Hig | 0.51 | 7.8 | 0.01 | Oct 12, 2020 | HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after… | ||
| CVE-2020-9090 | Hig | 0.51 | 7.8 | 0.00 | Oct 12, 2020 | FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. | ||
| CVE-2020-4388 | Hig | 0.53 | 8.2 | 0.01 | Oct 12, 2020 | IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270. | ||
| CVE-2020-4302 | Hig | 0.51 | 7.8 | 0.02 | Oct 12, 2020 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the… | ||
| CVE-2020-26869 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2020 | ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit. | ||
| CVE-2020-26868 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2020 | ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web… | ||
| CVE-2020-4779 | Hig | 0.53 | 8.1 | 0.01 | Oct 12, 2020 | A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. | ||
| CVE-2020-4778 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2020 | IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156. | ||
| CVE-2020-4776 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2020 | A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system.… | ||
| CVE-2020-4772 | Hig | 0.53 | 8.1 | 0.01 | Oct 12, 2020 | An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources.… | ||
| CVE-2020-5140 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2020 | A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6… | ||
| CVE-2020-5139 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2020 | A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,… | ||
| CVE-2020-5138 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2020 | A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12,… | ||
| CVE-2020-5137 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2020 | A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12,… | ||
| CVE-2020-5133 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2020 | A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | ||
| CVE-2020-26947 | Hig | 0.00 | 7.8 | 0.00 | Oct 10, 2020 | monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. | ||
| CVE-2020-26945 | — | Hig | 0.00 | 8.1 | 0.02 | Oct 10, 2020 | MyBatis before 3.5.6 mishandles deserialization of object streams. | |
| CVE-2020-26929 | Hig | 0.48 | 7.3 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100. | ||
| CVE-2020-26921 | Hig | 0.54 | 8.3 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3. | ||
| CVE-2020-26920 | Hig | 0.57 | 8.8 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110. | ||
| CVE-2020-26912 | Hig | 0.49 | 7.5 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2… | ||
| CVE-2020-26911 | Hig | 0.54 | 8.3 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before… | ||
| CVE-2020-26910 | Hig | 0.55 | 8.4 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | ||
| CVE-2020-26909 | Hig | 0.57 | 8.8 | 0.02 | Oct 9, 2020 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48. | ||
| CVE-2020-26522 | Hig | 0.57 | 8.8 | 0.01 | Oct 9, 2020 | A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. | ||
| CVE-2020-15838 | Hig | 0.57 | 8.8 | 0.01 | Oct 9, 2020 | The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. | ||
| CVE-2019-19115 | Hig | 0.51 | 7.8 | 0.01 | Oct 8, 2020 | An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges. | ||
| CVE-2020-26894 | Hig | 0.00 | 7.8 | 0.00 | Oct 8, 2020 | LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the… | ||
| CVE-2020-9048 | Hig | 0.46 | 7.1 | 0.01 | Oct 8, 2020 | A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service… |
- risk 0.49cvss 7.5epss 0.04
An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can…
- risk 0.51cvss 7.8epss 0.02
An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870).
- risk 0.51cvss 7.8epss 0.00
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.49cvss 7.5epss 0.00
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables
- risk 0.51cvss 7.8epss 0.01
A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system.
- risk 0.49cvss 7.5epss 0.02
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic…
- risk 0.49cvss 7.5epss 0.03
The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.
- risk 0.00cvss 7.7epss 0.01
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected.…
- risk 0.51cvss 7.8epss 0.09
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- risk 0.51cvss 7.8epss 0.09
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- risk 0.51cvss 7.8epss 0.02
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…
- risk 0.51cvss 7.8epss 0.02
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists…
- risk 0.51cvss 7.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- risk 0.51cvss 7.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- risk 0.51cvss 7.8epss 0.09
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- risk 0.58cvss 8.8epss 0.05
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to…
- risk 0.00cvss 7.3epss 0.01
Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions.…
- risk 0.41cvss 7.3epss 0.04
The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
- risk 0.56cvss 8.6epss 0.03
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to).
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- risk 0.49cvss 7.5epss 0.02
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.
- risk 0.51cvss 7.8epss 0.01
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after…
- risk 0.51cvss 7.8epss 0.00
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product.
- risk 0.53cvss 8.2epss 0.01
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270.
- risk 0.51cvss 7.8epss 0.02
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the…
- risk 0.49cvss 7.5epss 0.02
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit.
- risk 0.49cvss 7.5epss 0.02
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web…
- risk 0.53cvss 8.1epss 0.01
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156.
- risk 0.49cvss 7.5epss 0.01
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.
- risk 0.49cvss 7.5epss 0.02
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system.…
- risk 0.53cvss 8.1epss 0.01
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources.…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,…
- risk 0.49cvss 7.5epss 0.02
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12,…
- risk 0.49cvss 7.5epss 0.02
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12,…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
- risk 0.00cvss 7.8epss 0.00
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.
- risk 0.00cvss 8.1epss 0.02
MyBatis before 3.5.6 mishandles deserialization of object streams.
- risk 0.48cvss 7.3epss 0.01
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.
- risk 0.54cvss 8.3epss 0.01
Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.
- risk 0.57cvss 8.8epss 0.01
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110.
- risk 0.49cvss 7.5epss 0.01
Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2…
- risk 0.54cvss 8.3epss 0.01
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before…
- risk 0.55cvss 8.4epss 0.01
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
- risk 0.57cvss 8.8epss 0.02
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48.
- risk 0.57cvss 8.8epss 0.01
A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
- risk 0.57cvss 8.8epss 0.01
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
- risk 0.51cvss 7.8epss 0.01
An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.
- risk 0.00cvss 7.8epss 0.00
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the…
- risk 0.46cvss 7.1epss 0.01
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service…