| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9512 | — | Hig | 0.48 | 7.5 | 0.83 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can… | |
| CVE-2019-9511 | — | Hig | 0.53 | 7.5 | 0.58 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size… | |
| CVE-2019-5299 | Hig | 0.51 | 7.8 | 0.01 | Aug 13, 2019 | Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can… | ||
| CVE-2019-5223 | Hig | 0.51 | 7.8 | 0.01 | Aug 13, 2019 | PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution. | ||
| CVE-2019-11207 | Hig | 0.57 | 8.8 | 0.01 | Aug 13, 2019 | The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as… | ||
| CVE-2019-14986 | Hig | 0.53 | 8.1 | 0.03 | Aug 13, 2019 | eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed. | ||
| CVE-2019-14984 | Hig | 0.53 | 8.1 | 0.06 | Aug 13, 2019 | eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request. | ||
| CVE-2019-12808 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2019 | ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges. | ||
| CVE-2019-12807 | Hig | 0.51 | 7.8 | 0.02 | Aug 13, 2019 | Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution… | ||
| CVE-2019-12806 | Hig | 0.58 | 8.8 | 0.04 | Aug 13, 2019 | UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets. | ||
| CVE-2019-10943 | Hig | 0.49 | 7.5 | 0.01 | Aug 13, 2019 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC… | ||
| CVE-2019-10942 | Hig | 0.56 | 8.6 | 0.01 | Aug 13, 2019 | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All… | ||
| CVE-2019-14993 | — | Hig | 0.49 | 7.5 | 0.02 | Aug 13, 2019 | Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API. | |
| CVE-2018-20964 | Hig | 0.57 | 8.8 | 0.01 | Aug 13, 2019 | The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | ||
| CVE-2019-5681 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2019 | NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure. | ||
| CVE-2019-13419 | Hig | 0.49 | 7.5 | 0.01 | Aug 13, 2019 | Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. | ||
| CVE-2019-14530 | Hig | 0.08 | 8.8 | 0.67 | Aug 13, 2019 | An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory… | ||
| CVE-2019-14516 | Hig | 0.48 | 7.4 | 0.01 | Aug 13, 2019 | The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help. | ||
| CVE-2017-18509 | Hig | 0.00 | 7.8 | 0.01 | Aug 13, 2019 | An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain… | ||
| CVE-2019-13418 | Hig | 0.49 | 7.5 | 0.01 | Aug 12, 2019 | Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. | ||
| CVE-2019-14969 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2019 | Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file… | ||
| CVE-2019-14966 | Hig | 0.00 | 8.8 | 0.02 | Aug 12, 2019 | An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection. | ||
| CVE-2019-14951 | Hig | 0.49 | 7.5 | 0.02 | Aug 12, 2019 | The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the… | ||
| CVE-2017-18504 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2019 | The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. | ||
| CVE-2016-10876 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2019 | The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. | ||
| CVE-2016-10874 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2019 | The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. | ||
| CVE-2019-14932 | Hig | 0.49 | 7.5 | 0.02 | Aug 12, 2019 | The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data. | ||
| CVE-2019-14935 | — | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2019 | 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | |
| CVE-2019-14934 | Hig | 0.00 | 7.8 | 0.01 | Aug 11, 2019 | An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write. | ||
| CVE-2019-14933 | — | Hig | 0.00 | 8.8 | 0.01 | Aug 11, 2019 | Bagisto 0.1.5 allows CSRF under /admin URIs. | |
| CVE-2019-14924 | Hig | 0.00 | 7.5 | 0.02 | Aug 10, 2019 | An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of… | ||
| CVE-2019-12258 | Hig | 0.54 | 7.5 | 0.23 | Aug 9, 2019 | Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. | ||
| CVE-2019-11042 | Hig | 0.47 | 7.1 | 0.04 | Aug 9, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This… | ||
| CVE-2019-11041 | Hig | 0.47 | 7.1 | 0.04 | Aug 9, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This… | ||
| CVE-2019-3744 | Hig | 0.51 | 7.8 | 0.00 | Aug 9, 2019 | Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a… | ||
| CVE-2019-3742 | Hig | 0.51 | 7.8 | 0.00 | Aug 9, 2019 | Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an… | ||
| CVE-2019-12263 | Hig | 0.53 | 8.1 | 0.03 | Aug 9, 2019 | Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | ||
| CVE-2019-12259 | Hig | 0.50 | 7.5 | 0.16 | Aug 9, 2019 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | ||
| CVE-2019-5406 | Hig | 0.47 | 7.2 | 0.01 | Aug 9, 2019 | A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | ||
| CVE-2019-5405 | Hig | 0.48 | 7.3 | 0.02 | Aug 9, 2019 | A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | ||
| CVE-2019-5404 | Hig | 0.57 | 8.8 | 0.02 | Aug 9, 2019 | A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | ||
| CVE-2019-12257 | Hig | 0.64 | 8.8 | 0.84 | Aug 9, 2019 | Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. | ||
| CVE-2019-5395 | Hig | 0.57 | 8.8 | 0.02 | Aug 9, 2019 | A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | ||
| CVE-2019-12805 | Hig | 0.57 | 8.8 | 0.03 | Aug 9, 2019 | NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a… | ||
| CVE-2017-18486 | Hig | 0.47 | 7.2 | 0.05 | Aug 9, 2019 | Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the… | ||
| CVE-2019-14806 | — | Hig | 0.42 | 7.5 | 0.02 | Aug 9, 2019 | Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | |
| CVE-2019-14794 | Hig | 0.49 | 7.5 | 0.01 | Aug 9, 2019 | The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. | ||
| CVE-2018-20960 | Hig | 0.53 | 8.1 | 0.01 | Aug 8, 2019 | Nespresso Prodigio devices lack Bluetooth connection security. | ||
| CVE-2018-20957 | Hig | 0.57 | 8.8 | 0.01 | Aug 8, 2019 | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | ||
| CVE-2018-20954 | Hig | 0.00 | 7.5 | 0.01 | Aug 8, 2019 | The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. |
- risk 0.48cvss 7.5epss 0.83
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can…
- risk 0.53cvss 7.5epss 0.58
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size…
- risk 0.51cvss 7.8epss 0.01
Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can…
- risk 0.51cvss 7.8epss 0.01
PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution.
- risk 0.57cvss 8.8epss 0.01
The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as…
- risk 0.53cvss 8.1epss 0.03
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed.
- risk 0.53cvss 8.1epss 0.06
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request.
- risk 0.51cvss 7.8epss 0.00
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.
- risk 0.51cvss 7.8epss 0.02
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution…
- risk 0.58cvss 8.8epss 0.04
UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.
- risk 0.49cvss 7.5epss 0.01
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC…
- risk 0.56cvss 8.6epss 0.01
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All…
- risk 0.49cvss 7.5epss 0.02
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.
- risk 0.57cvss 8.8epss 0.01
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
- risk 0.51cvss 7.8epss 0.00
NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.
- risk 0.49cvss 7.5epss 0.01
Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.
- risk 0.08cvss 8.8epss 0.67
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory…
- risk 0.48cvss 7.4epss 0.01
The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.
- risk 0.00cvss 7.8epss 0.01
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain…
- risk 0.49cvss 7.5epss 0.01
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.
- risk 0.51cvss 7.8epss 0.00
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file…
- risk 0.00cvss 8.8epss 0.02
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
- risk 0.49cvss 7.5epss 0.02
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the…
- risk 0.57cvss 8.8epss 0.01
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
- risk 0.49cvss 7.5epss 0.02
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.
- risk 0.51cvss 7.8epss 0.00
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
- risk 0.00cvss 7.8epss 0.01
An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.
- risk 0.00cvss 8.8epss 0.01
Bagisto 0.1.5 allows CSRF under /admin URIs.
- risk 0.00cvss 7.5epss 0.02
An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of…
- risk 0.54cvss 7.5epss 0.23
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.
- risk 0.47cvss 7.1epss 0.04
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This…
- risk 0.47cvss 7.1epss 0.04
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This…
- risk 0.51cvss 7.8epss 0.00
Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a…
- risk 0.51cvss 7.8epss 0.00
Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an…
- risk 0.53cvss 8.1epss 0.03
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
- risk 0.50cvss 7.5epss 0.16
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.
- risk 0.47cvss 7.2epss 0.01
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
- risk 0.48cvss 7.3epss 0.02
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
- risk 0.57cvss 8.8epss 0.02
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
- risk 0.64cvss 8.8epss 0.84
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.
- risk 0.57cvss 8.8epss 0.02
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
- risk 0.57cvss 8.8epss 0.03
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a…
- risk 0.47cvss 7.2epss 0.05
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the…
- risk 0.42cvss 7.5epss 0.02
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
- risk 0.49cvss 7.5epss 0.01
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.
- risk 0.53cvss 8.1epss 0.01
Nespresso Prodigio devices lack Bluetooth connection security.
- risk 0.57cvss 8.8epss 0.01
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.
- risk 0.00cvss 7.5epss 0.01
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.