| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28642 | Cri | 0.64 | 9.8 | 0.03 | Nov 16, 2020 | In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. | ||
| CVE-2020-8271 | Cri | 0.65 | 9.8 | 0.11 | Nov 16, 2020 | Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | ||
| CVE-2020-28638 | Cri | 0.64 | 9.8 | 0.01 | Nov 13, 2020 | ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key. | ||
| CVE-2020-13638 | Cri | 0.70 | 9.8 | 0.77 | Nov 13, 2020 | lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. | ||
| CVE-2020-12338 | Cri | 0.64 | 9.8 | 0.02 | Nov 13, 2020 | Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||
| CVE-2020-24719 | Cri | 0.69 | 9.8 | 0.23 | Nov 12, 2020 | Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie… | ||
| CVE-2020-13877 | Cri | 0.64 | 9.8 | 0.02 | Nov 12, 2020 | SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure. | ||
| CVE-2020-13774 | Cri | 0.65 | 9.9 | 0.05 | Nov 12, 2020 | An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and… | ||
| CVE-2020-12315 | Cri | 0.64 | 9.8 | 0.02 | Nov 12, 2020 | Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||
| CVE-2020-8752 | Cri | 0.64 | 9.8 | 0.02 | Nov 12, 2020 | Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. | ||
| CVE-2020-8747 | Cri | 0.59 | 9.1 | 0.02 | Nov 12, 2020 | Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | ||
| CVE-2020-7472 | Cri | 0.64 | 9.8 | 0.03 | Nov 12, 2020 | An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted… | ||
| CVE-2020-28271 | Cri | 0.57 | 9.8 | 0.03 | Nov 12, 2020 | Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. | ||
| CVE-2020-28270 | Cri | 0.57 | 9.8 | 0.04 | Nov 12, 2020 | Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution. | ||
| CVE-2020-28269 | — | Cri | 0.64 | 9.8 | 0.04 | Nov 12, 2020 | Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-27481 | Cri | 0.65 | 9.8 | 0.11 | Nov 12, 2020 | An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent… | ||
| CVE-2020-3639 | Cri | 0.64 | 9.8 | 0.01 | Nov 12, 2020 | u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in… | ||
| CVE-2020-11196 | Cri | 0.64 | 9.8 | 0.01 | Nov 12, 2020 | u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in… | ||
| CVE-2020-11193 | Cri | 0.64 | 9.8 | 0.01 | Nov 12, 2020 | u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in… | ||
| CVE-2020-11184 | Cri | 0.64 | 9.8 | 0.01 | Nov 12, 2020 | u'Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDX55, SDX55M,… | ||
| CVE-2020-11168 | Cri | 0.64 | 9.8 | 0.01 | Nov 12, 2020 | u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon… | ||
| CVE-2020-5426 | Cri | 0.64 | 9.8 | 0.01 | Nov 11, 2020 | Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted… | ||
| CVE-2020-17051 | Cri | 0.64 | 9.8 | 0.10 | Nov 11, 2020 | Windows Network File System Remote Code Execution Vulnerability | ||
| CVE-2020-26824 | Cri | 0.65 | 10.0 | 0.01 | Nov 10, 2020 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service. | ||
| CVE-2020-26823 | Cri | 0.65 | 10.0 | 0.01 | Nov 10, 2020 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service. | ||
| CVE-2020-26822 | Cri | 0.65 | 10.0 | 0.01 | Nov 10, 2020 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service. | ||
| CVE-2020-26821 | Cri | 0.65 | 10.0 | 0.01 | Nov 10, 2020 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service. | ||
| CVE-2020-25074 | — | Cri | 0.57 | 9.8 | 0.06 | Nov 10, 2020 | The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. | |
| CVE-2020-13927 | — | Cri | 0.16 | 9.8 | 1.00 | KEV | Nov 10, 2020 | The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at… |
| CVE-2020-24384 | Cri | 0.64 | 9.8 | 0.03 | Nov 10, 2020 | A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected.… | ||
| CVE-2020-0452 | Cri | 0.64 | 9.8 | 0.03 | Nov 10, 2020 | In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User… | ||
| CVE-2020-0447 | Cri | 0.64 | 9.8 | 0.01 | Nov 10, 2020 | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168251617 | ||
| CVE-2020-0446 | Cri | 0.64 | 9.8 | 0.01 | Nov 10, 2020 | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264528 | ||
| CVE-2020-0445 | Cri | 0.64 | 9.8 | 0.01 | Nov 10, 2020 | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264527 | ||
| CVE-2020-28371 | Cri | 0.57 | 9.8 | 0.02 | Nov 9, 2020 | An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving… | ||
| CVE-2020-26168 | Cri | 0.64 | 9.8 | 0.02 | Nov 9, 2020 | The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they… | ||
| CVE-2020-14189 | Cri | 0.64 | 9.8 | 0.02 | Nov 9, 2020 | The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment. | ||
| CVE-2020-14188 | Cri | 0.64 | 9.8 | 0.03 | Nov 9, 2020 | The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. | ||
| CVE-2020-26542 | Cri | 0.64 | 9.8 | 0.02 | Nov 9, 2020 | An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a… | ||
| CVE-2020-23138 | Cri | 0.64 | 9.8 | 0.01 | Nov 9, 2020 | An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension. | ||
| CVE-2020-24407 | Cri | 0.60 | 9.1 | 0.06 | Nov 9, 2020 | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import… | ||
| CVE-2020-28347 | Cri | 0.66 | 9.8 | 0.74 | Nov 8, 2020 | tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. | ||
| CVE-2020-28340 | Cri | 0.64 | 9.8 | 0.00 | Nov 8, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020). | ||
| CVE-2020-3284 | Cri | 0.64 | 9.8 | 0.03 | Nov 6, 2020 | A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS… | ||
| CVE-2020-26214 | — | Cri | 0.57 | 9.1 | 0.66 | Nov 6, 2020 | In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication… | |
| CVE-2020-25172 | Cri | 0.64 | 9.8 | 0.02 | Nov 6, 2020 | A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files. | ||
| CVE-2020-26892 | — | Cri | 0.57 | 9.8 | 0.02 | Nov 6, 2020 | The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. | |
| CVE-2020-25592 | — | Cri | 0.71 | 9.8 | 0.57 | Nov 6, 2020 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | |
| CVE-2020-16846 | — | Cri | 0.87 | 9.8 | 1.00 | KEV | Nov 6, 2020 | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. |
| CVE-2020-28250 | Cri | 0.64 | 9.8 | 0.03 | Nov 6, 2020 | Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. |
- risk 0.64cvss 9.8epss 0.03
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.
- risk 0.65cvss 9.8epss 0.11
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
- risk 0.64cvss 9.8epss 0.01
ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key.
- risk 0.70cvss 9.8epss 0.77
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.
- risk 0.64cvss 9.8epss 0.02
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
- risk 0.69cvss 9.8epss 0.23
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie…
- risk 0.64cvss 9.8epss 0.02
SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.
- risk 0.65cvss 9.9epss 0.05
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and…
- risk 0.64cvss 9.8epss 0.02
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
- risk 0.64cvss 9.8epss 0.02
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
- risk 0.59cvss 9.1epss 0.02
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
- risk 0.64cvss 9.8epss 0.03
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted…
- risk 0.57cvss 9.8epss 0.03
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.
- risk 0.57cvss 9.8epss 0.04
Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution.
- risk 0.64cvss 9.8epss 0.04
Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
- risk 0.65cvss 9.8epss 0.11
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent…
- risk 0.64cvss 9.8epss 0.01
u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in…
- risk 0.64cvss 9.8epss 0.01
u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…
- risk 0.64cvss 9.8epss 0.01
u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…
- risk 0.64cvss 9.8epss 0.01
u'Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDX55, SDX55M,…
- risk 0.64cvss 9.8epss 0.01
u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…
- risk 0.64cvss 9.8epss 0.01
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted…
- risk 0.64cvss 9.8epss 0.10
Windows Network File System Remote Code Execution Vulnerability
- risk 0.65cvss 10.0epss 0.01
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service.
- risk 0.65cvss 10.0epss 0.01
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.
- risk 0.65cvss 10.0epss 0.01
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service.
- risk 0.65cvss 10.0epss 0.01
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.
- risk 0.57cvss 9.8epss 0.06
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
- risk 0.16cvss 9.8epss 1.00
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at…
- risk 0.64cvss 9.8epss 0.03
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected.…
- risk 0.64cvss 9.8epss 0.03
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User…
- risk 0.64cvss 9.8epss 0.01
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168251617
- risk 0.64cvss 9.8epss 0.01
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264528
- risk 0.64cvss 9.8epss 0.01
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264527
- risk 0.57cvss 9.8epss 0.02
An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving…
- risk 0.64cvss 9.8epss 0.02
The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they…
- risk 0.64cvss 9.8epss 0.02
The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.
- risk 0.64cvss 9.8epss 0.03
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a…
- risk 0.64cvss 9.8epss 0.01
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
- risk 0.60cvss 9.1epss 0.06
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import…
- risk 0.66cvss 9.8epss 0.74
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.
- risk 0.64cvss 9.8epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020).
- risk 0.64cvss 9.8epss 0.03
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS…
- risk 0.57cvss 9.1epss 0.66
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication…
- risk 0.64cvss 9.8epss 0.02
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.
- risk 0.57cvss 9.8epss 0.02
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
- risk 0.71cvss 9.8epss 0.57
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
- risk 0.87cvss 9.8epss 1.00
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
- risk 0.64cvss 9.8epss 0.03
Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side.