| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28994 | Cri | 0.64 | 9.8 | 0.01 | Nov 24, 2020 | A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database. | ||
| CVE-2020-13942 | — | Cri | 0.69 | 9.8 | 0.68 | Nov 24, 2020 | It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to… | |
| CVE-2020-7378 | Cri | 0.59 | 9.1 | 0.03 | Nov 24, 2020 | CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was… | ||
| CVE-2020-4001 | Cri | 0.64 | 9.8 | 0.03 | Nov 24, 2020 | The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack. | ||
| CVE-2020-29006 | Cri | 0.64 | 9.8 | 0.01 | Nov 24, 2020 | MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. | ||
| CVE-2020-25475 | Cri | 0.64 | 9.8 | 0.01 | Nov 24, 2020 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. | ||
| CVE-2020-15929 | Cri | 0.64 | 9.8 | 0.05 | Nov 24, 2020 | In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution. | ||
| CVE-2020-28991 | — | Cri | 0.00 | 9.8 | 0.02 | Nov 24, 2020 | Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go. | |
| CVE-2020-4006 | Cri | 0.73 | 9.1 | 0.24 | KEV | Nov 23, 2020 | VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | |
| CVE-2020-28984 | Cri | 0.64 | 9.8 | 0.02 | Nov 23, 2020 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. | ||
| CVE-2020-28360 | — | Cri | 0.57 | 9.8 | 0.03 | Nov 23, 2020 | Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack… | |
| CVE-2020-28864 | Cri | 0.64 | 9.8 | 0.03 | Nov 23, 2020 | Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. | ||
| CVE-2020-6939 | Cri | 0.64 | 9.8 | 0.02 | Nov 23, 2020 | Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau… | ||
| CVE-2020-4854 | Cri | 0.64 | 9.8 | 0.02 | Nov 23, 2020 | IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454. | ||
| CVE-2020-25189 | — | Cri | 0.64 | 9.8 | 0.03 | Nov 21, 2020 | The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | |
| CVE-2020-28877 | Cri | 0.64 | 9.8 | 0.01 | Nov 20, 2020 | Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. | ||
| CVE-2020-25839 | Cri | 0.64 | 9.8 | 0.01 | Nov 20, 2020 | NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | ||
| CVE-2020-7561 | Cri | 0.64 | 9.8 | 0.03 | Nov 19, 2020 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an… | ||
| CVE-2020-28212 | Cri | 0.64 | 9.8 | 0.03 | Nov 19, 2020 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. | ||
| CVE-2020-28951 | Cri | 0.64 | 9.8 | 0.02 | Nov 19, 2020 | libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. | ||
| CVE-2020-12495 | Cri | 0.59 | 9.1 | 0.01 | Nov 19, 2020 | Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write… | ||
| CVE-2020-11831 | Cri | 0.64 | 9.8 | 0.01 | Nov 19, 2020 | OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. | ||
| CVE-2020-11830 | Cri | 0.64 | 9.8 | 0.01 | Nov 19, 2020 | QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. | ||
| CVE-2020-11829 | Cri | 0.64 | 9.8 | 0.01 | Nov 19, 2020 | Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. | ||
| CVE-2019-20933 | — | Cri | 0.59 | 9.8 | 0.31 | Nov 19, 2020 | InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | |
| CVE-2020-3586 | Cri | 0.61 | 9.4 | 0.02 | Nov 18, 2020 | A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based… | ||
| CVE-2020-3531 | Cri | 0.64 | 9.8 | 0.02 | Nov 18, 2020 | A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls.… | ||
| CVE-2020-3470 | Cri | 0.64 | 9.8 | 0.05 | Nov 18, 2020 | Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input.… | ||
| CVE-2020-28578 | Cri | 0.69 | 9.8 | 0.72 | Nov 18, 2020 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | ||
| CVE-2020-26097 | Cri | 0.64 | 9.8 | 0.02 | Nov 18, 2020 | The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no… | ||
| CVE-2020-6016 | Cri | 0.00 | 9.8 | 0.06 | Nov 18, 2020 | Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption… | ||
| CVE-2020-28183 | Cri | 0.64 | 9.8 | 0.03 | Nov 17, 2020 | SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. | ||
| CVE-2020-28130 | Cri | 0.64 | 9.8 | 0.06 | Nov 17, 2020 | An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). | ||
| CVE-2020-26553 | Cri | 0.64 | 9.8 | 0.02 | Nov 17, 2020 | An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. | ||
| CVE-2020-28133 | Cri | 0.64 | 9.8 | 0.02 | Nov 17, 2020 | An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. | ||
| CVE-2020-28140 | Cri | 0.64 | 9.8 | 0.02 | Nov 17, 2020 | SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. | ||
| CVE-2020-28138 | Cri | 0.64 | 9.8 | 0.02 | Nov 17, 2020 | SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. | ||
| CVE-2020-27555 | Cri | 0.64 | 9.8 | 0.03 | Nov 17, 2020 | Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. | ||
| CVE-2020-27130 | Cri | 0.64 | 9.1 | 0.66 | Nov 17, 2020 | A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could… | ||
| CVE-2020-11851 | Cri | 0.64 | 9.8 | 0.03 | Nov 17, 2020 | Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code. | ||
| CVE-2020-27486 | Cri | 0.64 | 9.9 | 0.02 | Nov 16, 2020 | Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the… | ||
| CVE-2020-27485 | Cri | 0.64 | 9.9 | 0.02 | Nov 16, 2020 | Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to… | ||
| CVE-2020-27484 | Cri | 0.64 | 9.9 | 0.02 | Nov 16, 2020 | Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to… | ||
| CVE-2020-27483 | Cri | 0.65 | 9.9 | 0.02 | Nov 16, 2020 | Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts… | ||
| CVE-2020-26510 | Cri | 0.64 | 9.8 | 0.02 | Nov 16, 2020 | Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. | ||
| CVE-2020-26508 | Cri | 0.64 | 9.8 | 0.01 | Nov 16, 2020 | The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. | ||
| CVE-2020-27422 | Cri | 0.67 | 9.8 | 0.08 | Nov 16, 2020 | In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account. | ||
| CVE-2020-25952 | Cri | 0.64 | 9.8 | 0.04 | Nov 16, 2020 | SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | ||
| CVE-2020-25207 | Cri | 0.64 | 9.8 | 0.04 | Nov 16, 2020 | JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | ||
| CVE-2020-5664 | Cri | 0.64 | 9.8 | 0.03 | Nov 16, 2020 | Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. |
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.
- risk 0.69cvss 9.8epss 0.68
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to…
- risk 0.59cvss 9.1epss 0.03
CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was…
- risk 0.64cvss 9.8epss 0.03
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.
- risk 0.64cvss 9.8epss 0.01
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
- risk 0.64cvss 9.8epss 0.01
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.
- risk 0.64cvss 9.8epss 0.05
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
- risk 0.00cvss 9.8epss 0.02
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
- risk 0.73cvss 9.1epss 0.24
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
- risk 0.64cvss 9.8epss 0.02
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
- risk 0.57cvss 9.8epss 0.03
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack…
- risk 0.64cvss 9.8epss 0.03
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
- risk 0.64cvss 9.8epss 0.02
Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau…
- risk 0.64cvss 9.8epss 0.02
IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.
- risk 0.64cvss 9.8epss 0.03
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).
- risk 0.64cvss 9.8epss 0.01
Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.
- risk 0.64cvss 9.8epss 0.01
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.
- risk 0.64cvss 9.8epss 0.03
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an…
- risk 0.64cvss 9.8epss 0.03
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.
- risk 0.64cvss 9.8epss 0.02
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
- risk 0.59cvss 9.1epss 0.01
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write…
- risk 0.64cvss 9.8epss 0.01
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.
- risk 0.64cvss 9.8epss 0.01
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.
- risk 0.64cvss 9.8epss 0.01
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.
- risk 0.59cvss 9.8epss 0.31
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
- risk 0.61cvss 9.4epss 0.02
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based…
- risk 0.64cvss 9.8epss 0.02
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls.…
- risk 0.64cvss 9.8epss 0.05
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input.…
- risk 0.69cvss 9.8epss 0.72
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
- risk 0.64cvss 9.8epss 0.02
The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no…
- risk 0.00cvss 9.8epss 0.06
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption…
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
- risk 0.64cvss 9.8epss 0.06
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.
- risk 0.64cvss 9.8epss 0.02
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
- risk 0.64cvss 9.8epss 0.02
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.
- risk 0.64cvss 9.8epss 0.03
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.
- risk 0.64cvss 9.1epss 0.66
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could…
- risk 0.64cvss 9.8epss 0.03
Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.
- risk 0.64cvss 9.9epss 0.02
Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the…
- risk 0.64cvss 9.9epss 0.02
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to…
- risk 0.64cvss 9.9epss 0.02
Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to…
- risk 0.65cvss 9.9epss 0.02
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts…
- risk 0.64cvss 9.8epss 0.02
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
- risk 0.64cvss 9.8epss 0.01
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.
- risk 0.67cvss 9.8epss 0.08
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.
- risk 0.64cvss 9.8epss 0.04
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
- risk 0.64cvss 9.8epss 0.04
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
- risk 0.64cvss 9.8epss 0.03
Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.