| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9575 | Hig | 0.51 | 7.8 | 0.03 | Jun 25, 2020 | Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | ||
| CVE-2020-5966 | Hig | 0.51 | 7.8 | 0.00 | Jun 25, 2020 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges. | ||
| CVE-2020-15302 | Hig | 0.49 | 7.5 | 0.01 | Jun 25, 2020 | In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover. | ||
| CVE-2019-19506 | Hig | 0.49 | 7.5 | 0.01 | Jun 25, 2020 | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. | ||
| CVE-2019-19505 | Hig | 0.57 | 8.8 | 0.04 | Jun 25, 2020 | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code… | ||
| CVE-2019-16213 | Hig | 0.57 | 8.8 | 0.03 | Jun 25, 2020 | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary… | ||
| CVE-2020-11538 | — | Hig | 0.46 | 8.1 | 0.03 | Jun 25, 2020 | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | |
| CVE-2020-10379 | — | Hig | 0.44 | 7.8 | 0.01 | Jun 25, 2020 | In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. | |
| CVE-2020-3968 | Hig | 0.53 | 8.2 | 0.01 | Jun 25, 2020 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious… | ||
| CVE-2020-3967 | Hig | 0.49 | 7.5 | 0.00 | Jun 25, 2020 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor… | ||
| CVE-2020-3966 | Hig | 0.49 | 7.5 | 0.00 | Jun 25, 2020 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A… | ||
| CVE-2020-5964 | Hig | 0.51 | 7.8 | 0.00 | Jun 25, 2020 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure. | ||
| CVE-2020-5963 | Hig | 0.51 | 7.8 | 0.00 | Jun 25, 2020 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure. | ||
| CVE-2020-15046 | Hig | 0.60 | 8.8 | 0.02 | Jun 24, 2020 | The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88. | ||
| CVE-2020-5962 | Hig | 0.51 | 7.8 | 0.00 | Jun 24, 2020 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges. | ||
| CVE-2020-13247 | Hig | 0.48 | 7.3 | 0.01 | Jun 24, 2020 | BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. | ||
| CVE-2020-3962 | Hig | 0.53 | 8.2 | 0.01 | Jun 24, 2020 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local… | ||
| CVE-2020-11961 | Hig | 0.49 | 7.5 | 0.01 | Jun 24, 2020 | Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication | ||
| CVE-2020-11959 | Hig | 0.49 | 7.5 | 0.01 | Jun 24, 2020 | An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50. | ||
| CVE-2020-9494 | Hig | 0.49 | 7.5 | 0.04 | Jun 24, 2020 | Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. | ||
| CVE-2020-6870 | Hig | 0.52 | 8.0 | 0.01 | Jun 24, 2020 | The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation… | ||
| CVE-2020-3969 | Hig | 0.51 | 7.8 | 0.01 | Jun 24, 2020 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with… | ||
| CVE-2020-14017 | Hig | 0.49 | 7.5 | 0.01 | Jun 24, 2020 | An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing… | ||
| CVE-2020-14015 | Hig | 0.49 | 7.5 | 0.01 | Jun 24, 2020 | An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to… | ||
| CVE-2020-13700 | — | Hig | 0.50 | 7.5 | 0.13 | Jun 24, 2020 | An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as… | |
| CVE-2020-13443 | Hig | 0.58 | 8.8 | 0.04 | Jun 24, 2020 | ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and… | ||
| CVE-2020-14005 | Hig | 0.58 | 8.8 | 0.14 | Jun 24, 2020 | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | ||
| CVE-2020-15014 | Hig | 0.57 | 8.8 | 0.01 | Jun 24, 2020 | pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. | ||
| CVE-2020-12865 | Hig | 0.52 | 8.0 | 0.01 | Jun 24, 2020 | A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | ||
| CVE-2020-12861 | Hig | 0.57 | 8.8 | 0.03 | Jun 24, 2020 | A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | ||
| CVE-2020-7667 | — | Hig | 0.42 | 7.5 | 0.02 | Jun 24, 2020 | In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit… | |
| CVE-2020-10280 | Hig | 0.49 | 7.5 | 0.01 | Jun 24, 2020 | The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. | ||
| CVE-2020-10274 | Hig | 0.46 | 7.1 | 0.01 | Jun 24, 2020 | The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected… | ||
| CVE-2020-10273 | Hig | 0.49 | 7.5 | 0.01 | Jun 24, 2020 | MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to… | ||
| CVE-2020-12033 | Hig | 0.57 | 8.8 | 0.01 | Jun 23, 2020 | In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges. | ||
| CVE-2020-5367 | Hig | 0.48 | 7.4 | 0.01 | Jun 23, 2020 | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially… | ||
| CVE-2020-14978 | Hig | 0.53 | 8.1 | 0.03 | Jun 23, 2020 | An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | ||
| CVE-2020-14977 | Hig | 0.53 | 8.1 | 0.03 | Jun 23, 2020 | An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the… | ||
| CVE-2020-14975 | Hig | 0.51 | 7.8 | 0.01 | Jun 23, 2020 | The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124. | ||
| CVE-2020-14974 | Hig | 0.46 | 7.1 | 0.01 | Jun 23, 2020 | The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124. | ||
| CVE-2020-13155 | — | Hig | 0.57 | 8.8 | 0.01 | Jun 23, 2020 | clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. | |
| CVE-2020-7668 | — | Hig | 0.42 | 7.5 | 0.01 | Jun 23, 2020 | In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. | |
| CVE-2020-7664 | — | Hig | 0.42 | 7.5 | 0.01 | Jun 23, 2020 | In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. | |
| CVE-2020-14971 | Hig | 0.00 | 7.8 | 0.01 | Jun 23, 2020 | Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are… | ||
| CVE-2020-14940 | Hig | 0.49 | 7.5 | 0.04 | Jun 23, 2020 | An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files. | ||
| CVE-2020-14939 | Hig | 0.51 | 7.8 | 0.01 | Jun 23, 2020 | An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading. | ||
| CVE-2020-14945 | Hig | 0.61 | 8.8 | 0.11 | Jun 22, 2020 | A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data. | ||
| CVE-2020-14990 | Hig | 0.46 | 7.1 | 0.01 | Jun 22, 2020 | IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link. | ||
| CVE-2020-14049 | Hig | 0.49 | 7.5 | 0.02 | Jun 22, 2020 | Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password… | ||
| CVE-2020-13158 | Hig | 0.53 | 7.5 | 0.54 | Jun 22, 2020 | Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. |
- risk 0.51cvss 7.8epss 0.03
Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .
- risk 0.51cvss 7.8epss 0.00
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges.
- risk 0.49cvss 7.5epss 0.01
In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover.
- risk 0.49cvss 7.5epss 0.01
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.
- risk 0.57cvss 8.8epss 0.04
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code…
- risk 0.57cvss 8.8epss 0.03
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary…
- risk 0.46cvss 8.1epss 0.03
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
- risk 0.44cvss 7.8epss 0.01
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
- risk 0.53cvss 8.2epss 0.01
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious…
- risk 0.49cvss 7.5epss 0.00
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor…
- risk 0.49cvss 7.5epss 0.00
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A…
- risk 0.51cvss 7.8epss 0.00
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.
- risk 0.51cvss 7.8epss 0.00
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure.
- risk 0.60cvss 8.8epss 0.02
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.
- risk 0.51cvss 7.8epss 0.00
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
- risk 0.48cvss 7.3epss 0.01
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area.
- risk 0.53cvss 8.2epss 0.01
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local…
- risk 0.49cvss 7.5epss 0.01
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication
- risk 0.49cvss 7.5epss 0.01
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.
- risk 0.49cvss 7.5epss 0.04
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.
- risk 0.52cvss 8.0epss 0.01
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation…
- risk 0.51cvss 7.8epss 0.01
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to…
- risk 0.50cvss 7.5epss 0.13
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as…
- risk 0.58cvss 8.8epss 0.04
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and…
- risk 0.58cvss 8.8epss 0.14
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.
- risk 0.57cvss 8.8epss 0.01
pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF.
- risk 0.52cvss 8.0epss 0.01
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
- risk 0.57cvss 8.8epss 0.03
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
- risk 0.42cvss 7.5epss 0.02
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit…
- risk 0.49cvss 7.5epss 0.01
The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard.
- risk 0.46cvss 7.1epss 0.01
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected…
- risk 0.49cvss 7.5epss 0.01
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to…
- risk 0.57cvss 8.8epss 0.01
In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.
- risk 0.48cvss 7.4epss 0.01
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially…
- risk 0.53cvss 8.1epss 0.03
An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine.
- risk 0.53cvss 8.1epss 0.03
An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the…
- risk 0.51cvss 7.8epss 0.01
The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124.
- risk 0.46cvss 7.1epss 0.01
The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124.
- risk 0.57cvss 8.8epss 0.01
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
- risk 0.42cvss 7.5epss 0.01
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
- risk 0.42cvss 7.5epss 0.01
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
- risk 0.00cvss 7.8epss 0.01
Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are…
- risk 0.49cvss 7.5epss 0.04
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.
- risk 0.61cvss 8.8epss 0.11
A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data.
- risk 0.46cvss 7.1epss 0.01
IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link.
- risk 0.49cvss 7.5epss 0.02
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password…
- risk 0.53cvss 7.5epss 0.54
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.