| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15904 | — | Hig | 0.44 | 7.8 | 0.01 | Jul 22, 2020 | A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. | |
| CVE-2020-15901 | Hig | 0.59 | 8.8 | 0.22 | Jul 22, 2020 | In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | ||
| CVE-2020-4400 | Hig | 0.49 | 7.5 | 0.02 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. | ||
| CVE-2020-4372 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009 | ||
| CVE-2020-9687 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9685 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9684 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9683 | Hig | 0.58 | 8.8 | 0.04 | Jul 22, 2020 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9680 | Hig | 0.58 | 8.8 | 0.04 | Jul 22, 2020 | Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9678 | Hig | 0.58 | 8.8 | 0.04 | Jul 22, 2020 | Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9677 | Hig | 0.58 | 8.8 | 0.05 | Jul 22, 2020 | Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9676 | Hig | 0.51 | 7.8 | 0.04 | Jul 22, 2020 | Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9675 | Hig | 0.51 | 7.8 | 0.04 | Jul 22, 2020 | Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9674 | Hig | 0.51 | 7.8 | 0.04 | Jul 22, 2020 | Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-3452 | Hig | 0.72 | 7.5 | 1.00 | KEV | Jul 22, 2020 | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted… | |
| CVE-2020-15896 | Hig | 0.49 | 7.5 | 0.02 | Jul 22, 2020 | An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the… | ||
| CVE-2020-15894 | Hig | 0.49 | 7.5 | 0.02 | Jul 22, 2020 | An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin… | ||
| CVE-2020-15806 | Hig | 0.49 | 7.5 | 0.02 | Jul 22, 2020 | CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. | ||
| CVE-2020-6534 | Hig | 0.57 | 8.8 | 0.02 | Jul 22, 2020 | Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6533 | Hig | 0.57 | 8.8 | 0.02 | Jul 22, 2020 | Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6530 | Hig | 0.57 | 8.8 | 0.01 | Jul 22, 2020 | Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | ||
| CVE-2020-6525 | Hig | 0.57 | 8.8 | 0.02 | Jul 22, 2020 | Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6524 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6523 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6520 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6518 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6517 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6515 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6513 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2020-6512 | Hig | 0.57 | 8.8 | 0.03 | Jul 22, 2020 | Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6510 | Hig | 0.51 | 7.8 | 0.02 | Jul 22, 2020 | Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6507 | Hig | 0.62 | 8.8 | 0.19 | Jul 22, 2020 | Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-18619 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2020 | Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept… | ||
| CVE-2020-12774 | Hig | 0.53 | 8.2 | 0.00 | Jul 22, 2020 | D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. | ||
| CVE-2020-15890 | Hig | 0.49 | 7.5 | 0.03 | Jul 21, 2020 | LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. | ||
| CVE-2020-15888 | Hig | 0.00 | 8.8 | 0.02 | Jul 21, 2020 | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. | ||
| CVE-2020-15724 | Hig | 0.51 | 7.8 | 0.01 | Jul 21, 2020 | In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. | ||
| CVE-2020-15723 | Hig | 0.51 | 7.8 | 0.00 | Jul 21, 2020 | In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on… | ||
| CVE-2020-15722 | Hig | 0.51 | 7.8 | 0.00 | Jul 21, 2020 | In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. | ||
| CVE-2020-15879 | Hig | 0.00 | 7.5 | 0.03 | Jul 21, 2020 | Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). | ||
| CVE-2020-15877 | — | Hig | 0.50 | 8.8 | 0.02 | Jul 21, 2020 | An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php. | |
| CVE-2016-7064 | Hig | 0.42 | 7.5 | 0.01 | Jul 21, 2020 | A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage | ||
| CVE-2020-12499 | Hig | 0.53 | 8.2 | 0.00 | Jul 21, 2020 | In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | ||
| CVE-2018-21036 | — | Hig | 0.42 | 7.5 | 0.02 | Jul 21, 2020 | Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. | |
| CVE-2020-4125 | Hig | 0.53 | 8.1 | 0.00 | Jul 20, 2020 | Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information. | ||
| CVE-2020-15852 | Hig | 0.00 | 7.8 | 0.00 | Jul 20, 2020 | An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization… | ||
| CVE-2020-3481 | Hig | 0.49 | 7.5 | 0.03 | Jul 20, 2020 | A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference.… | ||
| CVE-2020-15121 | Hig | 0.00 | 7.4 | 0.02 | Jul 20, 2020 | In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned… | ||
| CVE-2020-15052 | Hig | 0.49 | 7.5 | 0.02 | Jul 20, 2020 | An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. | ||
| CVE-2020-8214 | — | Hig | 0.49 | 7.5 | 0.02 | Jul 20, 2020 | A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file. |
- risk 0.44cvss 7.8epss 0.01
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
- risk 0.59cvss 8.8epss 0.22
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
- risk 0.49cvss 7.5epss 0.02
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.
- risk 0.51cvss 7.8epss 0.00
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
- risk 0.57cvss 8.8epss 0.03
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.57cvss 8.8epss 0.03
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.57cvss 8.8epss 0.03
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.58cvss 8.8epss 0.04
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.58cvss 8.8epss 0.04
Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.58cvss 8.8epss 0.04
Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.58cvss 8.8epss 0.05
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.04
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.04
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.04
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.72cvss 7.5epss 1.00
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted…
- risk 0.49cvss 7.5epss 0.02
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin…
- risk 0.49cvss 7.5epss 0.02
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
- risk 0.57cvss 8.8epss 0.02
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
- risk 0.57cvss 8.8epss 0.02
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- risk 0.57cvss 8.8epss 0.03
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.51cvss 7.8epss 0.02
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.62cvss 8.8epss 0.19
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.51cvss 7.8epss 0.00
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept…
- risk 0.53cvss 8.2epss 0.00
D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.
- risk 0.49cvss 7.5epss 0.03
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.
- risk 0.00cvss 8.8epss 0.02
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
- risk 0.51cvss 7.8epss 0.01
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
- risk 0.51cvss 7.8epss 0.00
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on…
- risk 0.51cvss 7.8epss 0.00
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
- risk 0.00cvss 7.5epss 0.03
Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).
- risk 0.50cvss 8.8epss 0.02
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
- risk 0.42cvss 7.5epss 0.01
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage
- risk 0.53cvss 8.2epss 0.00
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
- risk 0.42cvss 7.5epss 0.02
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.
- risk 0.53cvss 8.1epss 0.00
Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information.
- risk 0.00cvss 7.8epss 0.00
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization…
- risk 0.49cvss 7.5epss 0.03
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference.…
- risk 0.00cvss 7.4epss 0.02
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields.
- risk 0.49cvss 7.5epss 0.02
A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file.