| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-27739 | Cri | 0.64 | 9.8 | 0.02 | Oct 28, 2020 | A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. | ||
| CVE-2020-16263 | Cri | 0.59 | 9.1 | 0.01 | Oct 28, 2020 | Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins. | ||
| CVE-2020-16259 | Cri | 0.64 | 9.8 | 0.02 | Oct 28, 2020 | Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user. | ||
| CVE-2018-19949 | Cri | 0.84 | 9.8 | 0.24 | KEV | Oct 28, 2020 | If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS… | |
| CVE-2020-16257 | Cri | 0.64 | 9.8 | 0.04 | Oct 28, 2020 | Winston 1.5.4 devices are vulnerable to command injection via the API. | ||
| CVE-2020-27976 | Cri | 0.64 | 9.8 | 0.07 | Oct 28, 2020 | osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. | ||
| CVE-2020-8239 | Cri | 0.64 | 9.8 | 0.02 | Oct 28, 2020 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. | ||
| CVE-2020-27956 | Cri | 0.64 | 9.8 | 0.05 | Oct 28, 2020 | An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). | ||
| CVE-2020-9866 | Cri | 0.64 | 9.8 | 0.02 | Oct 27, 2020 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution. | ||
| CVE-2019-8531 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server… | ||
| CVE-2020-27160 | Cri | 0.64 | 9.8 | 0.05 | Oct 27, 2020 | Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). | ||
| CVE-2020-27159 | Cri | 0.64 | 9.8 | 0.06 | Oct 27, 2020 | Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | ||
| CVE-2020-27158 | Cri | 0.64 | 9.8 | 0.07 | Oct 27, 2020 | Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | ||
| CVE-2020-25765 | Cri | 0.64 | 9.8 | 0.06 | Oct 27, 2020 | Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. | ||
| CVE-2020-12830 | Cri | 0.64 | 9.8 | 0.03 | Oct 27, 2020 | Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114. | ||
| CVE-2019-8767 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption. | ||
| CVE-2019-8756 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006,… | ||
| CVE-2019-8749 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006,… | ||
| CVE-2019-8746 | Cri | 0.64 | 9.8 | 0.03 | Oct 27, 2020 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes… | ||
| CVE-2019-8716 | Cri | 0.64 | 9.8 | 0.02 | Oct 27, 2020 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. | ||
| CVE-2019-8712 | Cri | 0.64 | 9.8 | 0.03 | Oct 27, 2020 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. | ||
| CVE-2019-8581 | Cri | 0.64 | 9.8 | 0.02 | Oct 27, 2020 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory. | ||
| CVE-2019-8578 | Cri | 0.64 | 9.8 | 0.03 | Oct 27, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. | ||
| CVE-2019-8572 | Cri | 0.64 | 9.8 | 0.03 | Oct 27, 2020 | A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. | ||
| CVE-2019-8547 | Cri | 0.64 | 9.8 | 0.02 | Oct 27, 2020 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave… | ||
| CVE-2019-7288 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos . | ||
| CVE-2018-4296 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. | ||
| CVE-2020-27853 | Cri | 0.64 | 9.8 | 0.04 | Oct 27, 2020 | Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before… | ||
| CVE-2020-11854 | Cri | 0.73 | 9.8 | 0.74 | Oct 27, 2020 | Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance… | ||
| CVE-2020-10256 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted… | ||
| CVE-2020-27183 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact. | ||
| CVE-2020-27179 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. | ||
| CVE-2020-27743 | Cri | 0.00 | 9.8 | 0.02 | Oct 26, 2020 | libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id. | ||
| CVE-2020-26879 | Cri | 0.67 | 9.8 | 0.42 | Oct 26, 2020 | Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header. | ||
| CVE-2020-15271 | Cri | 0.54 | 9.3 | 0.02 | Oct 26, 2020 | In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is… | ||
| CVE-2020-7197 | Cri | 0.64 | 9.8 | 0.02 | Oct 26, 2020 | SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console… | ||
| CVE-2020-7127 | Cri | 0.64 | 9.8 | 0.02 | Oct 26, 2020 | A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||
| CVE-2020-7124 | Cri | 0.64 | 9.8 | 0.01 | Oct 26, 2020 | A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||
| CVE-2020-18766 | Cri | 0.62 | 9.6 | 0.01 | Oct 26, 2020 | A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands. | ||
| CVE-2020-27678 | Cri | 0.00 | 9.8 | 0.01 | Oct 26, 2020 | An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. | ||
| CVE-2020-25483 | Cri | 0.64 | 9.8 | 0.09 | Oct 23, 2020 | An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | ||
| CVE-2020-25466 | Cri | 0.64 | 9.8 | 0.02 | Oct 23, 2020 | A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. | ||
| CVE-2020-15684 | Cri | 0.64 | 9.8 | 0.01 | Oct 22, 2020 | Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. | ||
| CVE-2020-15683 | Cri | 0.64 | 9.8 | 0.03 | Oct 22, 2020 | Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This… | ||
| CVE-2019-17006 | Cri | 0.64 | 9.8 | 0.04 | Oct 22, 2020 | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. | ||
| CVE-2020-9920 | Cri | 0.59 | 9.1 | 0.02 | Oct 22, 2020 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files. | ||
| CVE-2020-9906 | Cri | 0.60 | 9.1 | 0.05 | Oct 22, 2020 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | ||
| CVE-2020-27664 | — | Cri | 0.00 | 9.8 | 0.02 | Oct 22, 2020 | admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | |
| CVE-2019-16127 | Cri | 0.59 | 9.1 | 0.02 | Oct 22, 2020 | Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. | ||
| CVE-2020-9898 | Cri | 0.64 | 9.8 | 0.01 | Oct 22, 2020 | This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions. |
- risk 0.64cvss 9.8epss 0.02
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
- risk 0.59cvss 9.1epss 0.01
Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.
- risk 0.64cvss 9.8epss 0.02
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
- risk 0.84cvss 9.8epss 0.24
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS…
- risk 0.64cvss 9.8epss 0.04
Winston 1.5.4 devices are vulnerable to command injection via the API.
- risk 0.64cvss 9.8epss 0.07
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.
- risk 0.64cvss 9.8epss 0.02
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.
- risk 0.64cvss 9.8epss 0.05
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
- risk 0.64cvss 9.8epss 0.02
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution.
- risk 0.64cvss 9.8epss 0.01
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server…
- risk 0.64cvss 9.8epss 0.05
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).
- risk 0.64cvss 9.8epss 0.06
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114
- risk 0.64cvss 9.8epss 0.07
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.
- risk 0.64cvss 9.8epss 0.06
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.
- risk 0.64cvss 9.8epss 0.03
Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.
- risk 0.64cvss 9.8epss 0.01
A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption.
- risk 0.64cvss 9.8epss 0.01
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006,…
- risk 0.64cvss 9.8epss 0.01
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006,…
- risk 0.64cvss 9.8epss 0.03
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes…
- risk 0.64cvss 9.8epss 0.02
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.
- risk 0.64cvss 9.8epss 0.03
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.
- risk 0.64cvss 9.8epss 0.02
An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory.
- risk 0.64cvss 9.8epss 0.03
A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.
- risk 0.64cvss 9.8epss 0.03
A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave…
- risk 0.64cvss 9.8epss 0.01
The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos .
- risk 0.64cvss 9.8epss 0.01
This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.
- risk 0.64cvss 9.8epss 0.04
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before…
- risk 0.73cvss 9.8epss 0.74
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted…
- risk 0.64cvss 9.8epss 0.01
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.
- risk 0.00cvss 9.8epss 0.02
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
- risk 0.67cvss 9.8epss 0.42
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
- risk 0.54cvss 9.3epss 0.02
In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is…
- risk 0.64cvss 9.8epss 0.02
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console…
- risk 0.64cvss 9.8epss 0.02
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
- risk 0.64cvss 9.8epss 0.01
A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
- risk 0.62cvss 9.6epss 0.01
A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands.
- risk 0.00cvss 9.8epss 0.01
An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.
- risk 0.64cvss 9.8epss 0.09
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
- risk 0.64cvss 9.8epss 0.02
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
- risk 0.64cvss 9.8epss 0.01
Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.
- risk 0.64cvss 9.8epss 0.03
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…
- risk 0.64cvss 9.8epss 0.04
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
- risk 0.59cvss 9.1epss 0.02
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.
- risk 0.60cvss 9.1epss 0.05
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
- risk 0.00cvss 9.8epss 0.02
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.
- risk 0.59cvss 9.1epss 0.02
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
- risk 0.64cvss 9.8epss 0.01
This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions.