| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-17392 | Hig | 0.57 | 8.8 | 0.01 | Aug 25, 2020 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw… | ||
| CVE-2020-17390 | Hig | 0.57 | 8.8 | 0.01 | Aug 25, 2020 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw… | ||
| CVE-2020-17389 | Hig | 0.58 | 8.8 | 0.10 | Aug 25, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists… | ||
| CVE-2020-17388 | Hig | 0.58 | 8.8 | 0.08 | Aug 25, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists… | ||
| CVE-2020-17387 | Hig | 0.58 | 8.8 | 0.10 | Aug 25, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists… | ||
| CVE-2020-15645 | Hig | 0.58 | 8.8 | 0.11 | Aug 25, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists… | ||
| CVE-2020-15644 | Hig | 0.58 | 8.8 | 0.09 | Aug 25, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists… | ||
| CVE-2020-15643 | Hig | 0.62 | 8.8 | 0.59 | Aug 25, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists… | ||
| CVE-2020-15642 | Hig | 0.58 | 8.8 | 0.07 | Aug 25, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The… | ||
| CVE-2020-15641 | Hig | 0.49 | 7.5 | 0.03 | Aug 25, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the… | ||
| CVE-2020-15640 | Hig | 0.49 | 7.5 | 0.03 | Aug 25, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the… | ||
| CVE-2020-24616 | — | Hig | 0.46 | 8.1 | 0.09 | Aug 25, 2020 | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). | |
| CVE-2020-24614 | Hig | 0.57 | 8.8 | 0.03 | Aug 25, 2020 | Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. | ||
| CVE-2020-14522 | Hig | 0.49 | 7.5 | 0.01 | Aug 25, 2020 | Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | ||
| CVE-2020-14512 | Hig | 0.53 | 8.1 | 0.01 | Aug 25, 2020 | GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords. | ||
| CVE-2020-14508 | Hig | 0.53 | 8.1 | 0.02 | Aug 25, 2020 | GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. | ||
| CVE-2020-17385 | Hig | 0.49 | 7.5 | 0.02 | Aug 25, 2020 | Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system. | ||
| CVE-2020-17384 | Hig | 0.47 | 7.2 | 0.02 | Aug 25, 2020 | Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system. | ||
| CVE-2020-24572 | Hig | 0.01 | 8.8 | 0.07 | Aug 24, 2020 | An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system… | ||
| CVE-2020-7377 | Hig | 0.53 | 8.1 | 0.01 | Aug 24, 2020 | The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run… | ||
| CVE-2020-7376 | Hig | 0.46 | 7.1 | 0.01 | Aug 24, 2020 | The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a… | ||
| CVE-2020-24364 | Hig | 0.57 | 8.8 | 0.03 | Aug 24, 2020 | MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. | ||
| CVE-2020-7705 | Hig | 0.46 | 7.1 | 0.01 | Aug 24, 2020 | This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely… | ||
| CVE-2020-24606 | Hig | 0.56 | 8.6 | 0.05 | Aug 24, 2020 | Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists… | ||
| CVE-2020-4587 | Hig | 0.51 | 7.8 | 0.00 | Aug 24, 2020 | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578. | ||
| CVE-2020-14044 | — | Hig | 0.47 | 7.2 | 0.03 | Aug 24, 2020 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This… | |
| CVE-2020-14043 | — | Hig | 0.57 | 8.8 | 0.02 | Aug 24, 2020 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in… | |
| CVE-2020-7831 | Hig | 0.57 | 8.8 | 0.01 | Aug 24, 2020 | A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however. | ||
| CVE-2020-19891 | Hig | 0.47 | 7.2 | 0.01 | Aug 24, 2020 | DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get… | ||
| CVE-2020-19889 | Hig | 0.57 | 8.8 | 0.01 | Aug 24, 2020 | DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. | ||
| CVE-2020-19886 | Hig | 0.53 | 8.1 | 0.00 | Aug 24, 2020 | DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. | ||
| CVE-2020-19878 | Hig | 0.49 | 7.5 | 0.02 | Aug 24, 2020 | DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information. | ||
| CVE-2020-14350 | Hig | 0.47 | 7.3 | 0.01 | Aug 24, 2020 | It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such… | ||
| CVE-2020-14349 | Hig | 0.46 | 7.1 | 0.02 | Aug 24, 2020 | It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in… | ||
| CVE-2020-13101 | Hig | 0.49 | 7.5 | 0.01 | Aug 24, 2020 | In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of… | ||
| CVE-2020-7711 | — | Hig | 0.49 | 7.5 | 0.02 | Aug 23, 2020 | This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | |
| CVE-2020-5417 | Hig | 0.57 | 8.8 | 0.01 | Aug 21, 2020 | Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive… | ||
| CVE-2020-9063 | Hig | 0.49 | 7.6 | 0.01 | Aug 21, 2020 | NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a… | ||
| CVE-2020-8623 | Hig | 0.49 | 7.5 | 0.06 | Aug 21, 2020 | In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system… | ||
| CVE-2020-8621 | Hig | 0.49 | 7.5 | 0.03 | Aug 21, 2020 | In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not… | ||
| CVE-2020-8620 | Hig | 0.49 | 7.5 | 0.04 | Aug 21, 2020 | In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. | ||
| CVE-2020-10126 | Hig | 0.49 | 7.6 | 0.00 | Aug 21, 2020 | NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because… | ||
| CVE-2020-10125 | Hig | 0.49 | 7.6 | 0.00 | Aug 21, 2020 | NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to… | ||
| CVE-2020-10124 | Hig | 0.46 | 7.1 | 0.01 | Aug 21, 2020 | NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including… | ||
| CVE-2019-11862 | Hig | 0.53 | 8.1 | 0.01 | Aug 21, 2020 | The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. | ||
| CVE-2019-11855 | Hig | 0.53 | 8.1 | 0.01 | Aug 21, 2020 | An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. | ||
| CVE-2019-11847 | Hig | 0.47 | 7.3 | 0.00 | Aug 21, 2020 | An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell. | ||
| CVE-2020-15147 | Hig | 0.00 | 8.5 | 0.02 | Aug 21, 2020 | Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit,… | ||
| CVE-2020-15140 | Hig | 0.00 | 8.2 | 0.01 | Aug 21, 2020 | In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform… | ||
| CVE-2020-24057 | Hig | 0.58 | 8.8 | 0.05 | Aug 21, 2020 | The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to… |
- risk 0.57cvss 8.8epss 0.01
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…
- risk 0.57cvss 8.8epss 0.01
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…
- risk 0.58cvss 8.8epss 0.10
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…
- risk 0.58cvss 8.8epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…
- risk 0.58cvss 8.8epss 0.10
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…
- risk 0.58cvss 8.8epss 0.11
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…
- risk 0.58cvss 8.8epss 0.09
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…
- risk 0.62cvss 8.8epss 0.59
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…
- risk 0.58cvss 8.8epss 0.07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…
- risk 0.49cvss 7.5epss 0.03
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the…
- risk 0.49cvss 7.5epss 0.03
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the…
- risk 0.46cvss 8.1epss 0.09
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
- risk 0.57cvss 8.8epss 0.03
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
- risk 0.49cvss 7.5epss 0.01
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.
- risk 0.53cvss 8.1epss 0.01
GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.
- risk 0.53cvss 8.1epss 0.02
GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition.
- risk 0.49cvss 7.5epss 0.02
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
- risk 0.47cvss 7.2epss 0.02
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
- risk 0.01cvss 8.8epss 0.07
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system…
- risk 0.53cvss 8.1epss 0.01
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run…
- risk 0.46cvss 7.1epss 0.01
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a…
- risk 0.57cvss 8.8epss 0.03
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite.
- risk 0.46cvss 7.1epss 0.01
This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely…
- risk 0.56cvss 8.6epss 0.05
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists…
- risk 0.51cvss 7.8epss 0.00
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.
- risk 0.47cvss 7.2epss 0.03
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This…
- risk 0.57cvss 8.8epss 0.02
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.
- risk 0.47cvss 7.2epss 0.01
DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get…
- risk 0.57cvss 8.8epss 0.01
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.
- risk 0.53cvss 8.1epss 0.00
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu.
- risk 0.49cvss 7.5epss 0.02
DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information.
- risk 0.47cvss 7.3epss 0.01
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such…
- risk 0.46cvss 7.1epss 0.02
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in…
- risk 0.49cvss 7.5epss 0.01
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of…
- risk 0.49cvss 7.5epss 0.02
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
- risk 0.57cvss 8.8epss 0.01
Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive…
- risk 0.49cvss 7.6epss 0.01
NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a…
- risk 0.49cvss 7.5epss 0.06
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system…
- risk 0.49cvss 7.5epss 0.03
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not…
- risk 0.49cvss 7.5epss 0.04
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
- risk 0.49cvss 7.6epss 0.00
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because…
- risk 0.49cvss 7.6epss 0.00
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to…
- risk 0.46cvss 7.1epss 0.01
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including…
- risk 0.53cvss 8.1epss 0.01
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
- risk 0.53cvss 8.1epss 0.01
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
- risk 0.47cvss 7.3epss 0.00
An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
- risk 0.00cvss 8.5epss 0.02
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit,…
- risk 0.00cvss 8.2epss 0.01
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform…
- risk 0.58cvss 8.8epss 0.05
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to…