| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9483 | Hig | 0.03 | 7.5 | 0.35 | Jun 30, 2020 | **Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use… | ||
| CVE-2020-14957 | Hig | 0.51 | 7.8 | 0.00 | Jun 30, 2020 | In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD. | ||
| CVE-2020-14956 | — | Hig | 0.51 | 7.8 | 0.00 | Jun 30, 2020 | In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA. | |
| CVE-2020-7816 | Hig | 0.46 | 7.0 | 0.01 | Jun 30, 2020 | A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit… | ||
| CVE-2019-19163 | Hig | 0.49 | 7.5 | 0.01 | Jun 30, 2020 | A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL. | ||
| CVE-2019-19161 | Hig | 0.47 | 7.2 | 0.01 | Jun 30, 2020 | CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient… | ||
| CVE-2020-15397 | Hig | 0.51 | 7.8 | 0.01 | Jun 30, 2020 | HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user… | ||
| CVE-2020-15396 | Hig | 0.51 | 7.8 | 0.00 | Jun 30, 2020 | In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root. | ||
| CVE-2020-5603 | Hig | 0.49 | 7.5 | 0.01 | Jun 30, 2020 | Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT… | ||
| CVE-2020-5602 | Hig | 0.49 | 7.5 | 0.01 | Jun 30, 2020 | Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX… | ||
| CVE-2020-5601 | Hig | 0.57 | 8.8 | 0.02 | Jun 30, 2020 | Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors. | ||
| CVE-2020-5584 | Hig | 0.49 | 7.5 | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors. | ||
| CVE-2020-5580 | Hig | 0.53 | 8.1 | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors. | ||
| CVE-2020-15395 | Hig | 0.51 | 7.8 | 0.01 | Jun 30, 2020 | In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). | ||
| CVE-2020-4067 | Hig | 0.39 | 7.0 | 0.02 | Jun 29, 2020 | In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get… | ||
| CVE-2020-14414 | Hig | 0.57 | 8.8 | 0.04 | Jun 29, 2020 | NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw… | ||
| CVE-2020-14412 | Hig | 0.57 | 8.8 | 0.04 | Jun 29, 2020 | NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a… | ||
| CVE-2020-4452 | Hig | 0.49 | 7.5 | 0.01 | Jun 29, 2020 | IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. | ||
| CVE-2020-12048 | Hig | 0.49 | 7.5 | 0.00 | Jun 29, 2020 | Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management… | ||
| CVE-2020-12037 | Hig | 0.49 | 7.5 | 0.00 | Jun 29, 2020 | Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An… | ||
| CVE-2020-12036 | Hig | 0.49 | 7.5 | 0.01 | Jun 29, 2020 | Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An… | ||
| CVE-2020-12008 | Hig | 0.49 | 7.5 | 0.01 | Jun 29, 2020 | Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI. | ||
| CVE-2020-8019 | Hig | 0.50 | 7.7 | 0.01 | Jun 29, 2020 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux… | ||
| CVE-2020-8014 | Hig | 0.50 | 7.7 | 0.01 | Jun 29, 2020 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions… | ||
| CVE-2019-3681 | Hig | 0.49 | 7.5 | 0.01 | Jun 29, 2020 | A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed… | ||
| CVE-2020-8022 | Hig | 0.50 | 7.7 | 0.01 | Jun 29, 2020 | A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux… | ||
| CVE-2019-20413 | Hig | 0.49 | 7.5 | 0.02 | Jun 29, 2020 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0… | ||
| CVE-2020-15360 | Hig | 0.51 | 7.8 | 0.01 | Jun 27, 2020 | com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | ||
| CVE-2020-9628 | Hig | 0.49 | 7.5 | 0.03 | Jun 26, 2020 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2020-9627 | Hig | 0.49 | 7.5 | 0.03 | Jun 26, 2020 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2020-9625 | Hig | 0.49 | 7.5 | 0.03 | Jun 26, 2020 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2020-9591 | Hig | 0.49 | 7.5 | 0.03 | Jun 26, 2020 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. | ||
| CVE-2020-9588 | Hig | 0.47 | 7.2 | 0.03 | Jun 26, 2020 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. | ||
| CVE-2020-9587 | Hig | 0.49 | 7.5 | 0.05 | Jun 26, 2020 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts. | ||
| CVE-2020-9574 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9573 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9572 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9571 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9570 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9569 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9568 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9567 | Hig | 0.51 | 7.8 | 0.04 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9566 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9565 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9564 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9563 | Hig | 0.51 | 7.8 | 0.05 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9562 | Hig | 0.51 | 7.8 | 0.05 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2020-9561 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9560 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-9559 | Hig | 0.51 | 7.8 | 0.03 | Jun 26, 2020 | Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . |
- risk 0.03cvss 7.5epss 0.35
**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use…
- risk 0.51cvss 7.8epss 0.00
In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD.
- risk 0.51cvss 7.8epss 0.00
In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA.
- risk 0.46cvss 7.0epss 0.01
A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit…
- risk 0.49cvss 7.5epss 0.01
A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL.
- risk 0.47cvss 7.2epss 0.01
CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient…
- risk 0.51cvss 7.8epss 0.01
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user…
- risk 0.51cvss 7.8epss 0.00
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
- risk 0.49cvss 7.5epss 0.01
Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT…
- risk 0.49cvss 7.5epss 0.01
Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX…
- risk 0.57cvss 8.8epss 0.02
Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors.
- risk 0.49cvss 7.5epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
- risk 0.53cvss 8.1epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
- risk 0.51cvss 7.8epss 0.01
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).
- risk 0.39cvss 7.0epss 0.02
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get…
- risk 0.57cvss 8.8epss 0.04
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw…
- risk 0.57cvss 8.8epss 0.04
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a…
- risk 0.49cvss 7.5epss 0.01
IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.
- risk 0.49cvss 7.5epss 0.00
Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management…
- risk 0.49cvss 7.5epss 0.00
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An…
- risk 0.49cvss 7.5epss 0.01
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An…
- risk 0.49cvss 7.5epss 0.01
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.
- risk 0.50cvss 7.7epss 0.01
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux…
- risk 0.50cvss 7.7epss 0.01
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions…
- risk 0.49cvss 7.5epss 0.01
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed…
- risk 0.50cvss 7.7epss 0.01
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux…
- risk 0.49cvss 7.5epss 0.02
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0…
- risk 0.51cvss 7.8epss 0.01
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.
- risk 0.49cvss 7.5epss 0.03
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.49cvss 7.5epss 0.03
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.49cvss 7.5epss 0.03
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.49cvss 7.5epss 0.03
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.
- risk 0.47cvss 7.2epss 0.03
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
- risk 0.49cvss 7.5epss 0.05
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.
- risk 0.51cvss 7.8epss 0.03
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.03
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.03
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.03
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.03
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.04
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.05
Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.05
Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.03
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .