| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25461 | Hig | 0.49 | 7.5 | 0.01 | Dec 4, 2020 | Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||
| CVE-2020-27408 | Hig | 0.49 | 7.5 | 0.02 | Dec 4, 2020 | OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. | ||
| CVE-2020-27766 | Hig | 0.51 | 7.8 | 0.01 | Dec 4, 2020 | A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to… | ||
| CVE-2020-5675 | Hig | 0.49 | 7.5 | 0.03 | Dec 4, 2020 | Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series… | ||
| CVE-2020-29534 | Hig | 0.00 | 7.8 | 0.00 | Dec 3, 2020 | An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. | ||
| CVE-2020-29529 | — | Hig | 0.42 | 7.5 | 0.03 | Dec 3, 2020 | HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0. | |
| CVE-2020-23740 | Hig | 0.51 | 7.8 | 0.00 | Dec 3, 2020 | In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges. | ||
| CVE-2020-17527 | — | Hig | 0.44 | 7.5 | 0.25 | Dec 3, 2020 | While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent… | |
| CVE-2020-28175 | Hig | 0.51 | 7.8 | 0.00 | Dec 3, 2020 | There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges | ||
| CVE-2020-13525 | Hig | 0.57 | 8.8 | 0.02 | Dec 3, 2020 | The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger… | ||
| CVE-2020-28251 | Hig | 0.53 | 8.1 | 0.01 | Dec 3, 2020 | NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The… | ||
| CVE-2020-27778 | Hig | 0.49 | 7.5 | 0.02 | Dec 3, 2020 | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. | ||
| CVE-2020-25693 | Hig | 0.53 | 8.1 | 0.01 | Dec 3, 2020 | A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity. | ||
| CVE-2020-25649 | — | Hig | 0.43 | 7.5 | 0.18 | Dec 3, 2020 | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | |
| CVE-2020-23735 | Hig | 0.51 | 7.8 | 0.00 | Dec 3, 2020 | In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges | ||
| CVE-2020-14381 | Hig | 0.00 | 7.8 | 0.01 | Dec 3, 2020 | A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to… | ||
| CVE-2020-14351 | Hig | 0.51 | 7.8 | 0.00 | Dec 3, 2020 | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data… | ||
| CVE-2020-14339 | Hig | 0.57 | 8.8 | 0.00 | Dec 3, 2020 | A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform… | ||
| CVE-2020-13584 | Hig | 0.58 | 8.8 | 0.04 | Dec 3, 2020 | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | ||
| CVE-2020-13543 | Hig | 0.57 | 8.8 | 0.03 | Dec 3, 2020 | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this… | ||
| CVE-2020-13542 | Hig | 0.51 | 7.8 | 0.01 | Dec 3, 2020 | A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service… | ||
| CVE-2020-13531 | Hig | 0.57 | 8.8 | 0.03 | Dec 3, 2020 | A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this… | ||
| CVE-2020-2324 | Hig | 0.42 | 7.5 | 0.01 | Dec 3, 2020 | Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||
| CVE-2020-2322 | Hig | 0.00 | 7.5 | 0.01 | Dec 3, 2020 | Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. | ||
| CVE-2020-2321 | Hig | 0.46 | 8.1 | 0.01 | Dec 3, 2020 | A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. | ||
| CVE-2020-28939 | Hig | 0.47 | 7.2 | 0.02 | Dec 3, 2020 | OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the… | ||
| CVE-2020-28937 | Hig | 0.49 | 7.5 | 0.01 | Dec 3, 2020 | OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request… | ||
| CVE-2020-6021 | Hig | 0.51 | 7.8 | 0.00 | Dec 3, 2020 | Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a… | ||
| CVE-2020-6111 | Hig | 0.49 | 7.5 | 0.05 | Dec 3, 2020 | An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000,… | ||
| CVE-2020-5680 | Hig | 0.49 | 7.5 | 0.01 | Dec 3, 2020 | Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. | ||
| CVE-2020-5676 | Hig | 0.49 | 7.5 | 0.02 | Dec 3, 2020 | GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors. | ||
| CVE-2020-26246 | Hig | 0.00 | 7.7 | 0.01 | Dec 3, 2020 | Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. | ||
| CVE-2020-13493 | Hig | 0.51 | 7.8 | 0.01 | Dec 2, 2020 | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim… | ||
| CVE-2017-2910 | Hig | 0.57 | 8.8 | 0.02 | Dec 2, 2020 | An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. | ||
| CVE-2020-25638 | — | Hig | 0.41 | 7.4 | 0.03 | Dec 2, 2020 | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access… | |
| CVE-2020-12524 | Hig | 0.49 | 7.5 | 0.01 | Dec 2, 2020 | Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service). | ||
| CVE-2020-29458 | Hig | 0.57 | 8.8 | 0.01 | Dec 2, 2020 | Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. | ||
| CVE-2020-5423 | Hig | 0.49 | 7.5 | 0.01 | Dec 2, 2020 | CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM. | ||
| CVE-2020-27813 | — | Hig | 0.42 | 7.5 | 0.02 | Dec 2, 2020 | An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | |
| CVE-2020-14305 | Hig | 0.53 | 8.1 | 0.05 | Dec 2, 2020 | An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest… | ||
| CVE-2020-8539 | Hig | 0.54 | 7.8 | 0.02 | Dec 1, 2020 | Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be… | ||
| CVE-2020-28993 | Hig | 0.49 | 7.5 | 0.03 | Dec 1, 2020 | A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request. | ||
| CVE-2020-7547 | — | Hig | 0.57 | 8.8 | 0.01 | Dec 1, 2020 | A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege… | |
| CVE-2020-7545 | — | Hig | 0.47 | 7.2 | 0.02 | Dec 1, 2020 | A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an… | |
| CVE-2020-25181 | Hig | 0.57 | 8.8 | 0.02 | Dec 1, 2020 | WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution. | ||
| CVE-2020-25177 | Hig | 0.57 | 8.8 | 0.02 | Dec 1, 2020 | WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution. | ||
| CVE-2020-7335 | Hig | 0.49 | 7.5 | 0.00 | Dec 1, 2020 | Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing… | ||
| CVE-2020-9117 | Hig | 0.51 | 7.8 | 0.00 | Dec 1, 2020 | HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet… | ||
| CVE-2020-9114 | Hig | 0.51 | 7.8 | 0.00 | Dec 1, 2020 | FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful… | ||
| CVE-2020-9116 | Hig | 0.47 | 7.2 | 0.01 | Dec 1, 2020 | Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher… |
- risk 0.49cvss 7.5epss 0.01
Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV).
- risk 0.49cvss 7.5epss 0.02
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
- risk 0.51cvss 7.8epss 0.01
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to…
- risk 0.49cvss 7.5epss 0.03
Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series…
- risk 0.00cvss 7.8epss 0.00
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.
- risk 0.42cvss 7.5epss 0.03
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
- risk 0.51cvss 7.8epss 0.00
In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges.
- risk 0.44cvss 7.5epss 0.25
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent…
- risk 0.51cvss 7.8epss 0.00
There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges
- risk 0.57cvss 8.8epss 0.02
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger…
- risk 0.53cvss 8.1epss 0.01
NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The…
- risk 0.49cvss 7.5epss 0.02
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.
- risk 0.53cvss 8.1epss 0.01
A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.
- risk 0.43cvss 7.5epss 0.18
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
- risk 0.51cvss 7.8epss 0.00
In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges
- risk 0.00cvss 7.8epss 0.01
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to…
- risk 0.51cvss 7.8epss 0.00
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data…
- risk 0.57cvss 8.8epss 0.00
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform…
- risk 0.58cvss 8.8epss 0.04
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
- risk 0.57cvss 8.8epss 0.03
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this…
- risk 0.51cvss 7.8epss 0.01
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service…
- risk 0.57cvss 8.8epss 0.03
A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this…
- risk 0.42cvss 7.5epss 0.01
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- risk 0.00cvss 7.5epss 0.01
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.
- risk 0.46cvss 8.1epss 0.01
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.
- risk 0.47cvss 7.2epss 0.02
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the…
- risk 0.49cvss 7.5epss 0.01
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request…
- risk 0.51cvss 7.8epss 0.00
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a…
- risk 0.49cvss 7.5epss 0.05
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000,…
- risk 0.49cvss 7.5epss 0.01
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
- risk 0.49cvss 7.5epss 0.02
GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.
- risk 0.00cvss 7.7epss 0.01
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
- risk 0.51cvss 7.8epss 0.01
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim…
- risk 0.57cvss 8.8epss 0.02
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.
- risk 0.41cvss 7.4epss 0.03
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access…
- risk 0.49cvss 7.5epss 0.01
Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
- risk 0.57cvss 8.8epss 0.01
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
- risk 0.49cvss 7.5epss 0.01
CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
- risk 0.42cvss 7.5epss 0.02
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.
- risk 0.53cvss 8.1epss 0.05
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest…
- risk 0.54cvss 7.8epss 0.02
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be…
- risk 0.49cvss 7.5epss 0.03
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.
- risk 0.57cvss 8.8epss 0.01
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege…
- risk 0.47cvss 7.2epss 0.02
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an…
- risk 0.57cvss 8.8epss 0.02
WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution.
- risk 0.57cvss 8.8epss 0.02
WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution.
- risk 0.49cvss 7.5epss 0.00
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing…
- risk 0.51cvss 7.8epss 0.00
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet…
- risk 0.51cvss 7.8epss 0.00
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful…
- risk 0.47cvss 7.2epss 0.01
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher…