| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24652 | Cri | 0.64 | 9.8 | 0.07 | Oct 19, 2020 | A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||
| CVE-2020-24651 | Cri | 0.64 | 9.8 | 0.07 | Oct 19, 2020 | A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||
| CVE-2020-24650 | Cri | 0.64 | 9.8 | 0.07 | Oct 19, 2020 | A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||
| CVE-2020-24649 | Cri | 0.64 | 9.8 | 0.04 | Oct 19, 2020 | A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||
| CVE-2020-24648 | Cri | 0.65 | 9.8 | 0.11 | Oct 19, 2020 | A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||
| CVE-2020-24647 | Cri | 0.64 | 9.8 | 0.04 | Oct 19, 2020 | A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||
| CVE-2020-24646 | Cri | 0.64 | 9.8 | 0.07 | Oct 19, 2020 | A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||
| CVE-2020-24629 | Cri | 0.64 | 9.8 | 0.03 | Oct 19, 2020 | A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||
| CVE-2020-16159 | Cri | 0.59 | 9.1 | 0.02 | Oct 19, 2020 | GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure. | ||
| CVE-2020-27197 | — | Cri | 0.57 | 9.8 | 0.02 | Oct 17, 2020 | TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method… | |
| CVE-2020-9918 | Cri | 0.64 | 9.8 | 0.03 | Oct 16, 2020 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | ||
| CVE-2020-9895 | Cri | 0.64 | 9.8 | 0.04 | Oct 16, 2020 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause… | ||
| CVE-2020-9864 | Cri | 0.64 | 9.8 | 0.02 | Oct 16, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | ||
| CVE-2020-26944 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2020 | An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely. | ||
| CVE-2019-19885 | Cri | 0.59 | 9.1 | 0.01 | Oct 16, 2020 | In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices… | ||
| CVE-2019-19513 | — | Cri | 0.64 | 9.8 | 0.03 | Oct 16, 2020 | The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service. | |
| CVE-2020-26943 | — | Cri | 0.65 | 9.9 | 0.03 | Oct 16, 2020 | An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used).… | |
| CVE-2019-17640 | — | Cri | 0.57 | 9.8 | 0.02 | Oct 15, 2020 | In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the… | |
| CVE-2020-12504 | Cri | 0.64 | 9.8 | 0.03 | Oct 15, 2020 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3… | ||
| CVE-2020-12501 | Cri | 0.64 | 9.8 | 0.03 | Oct 15, 2020 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. | ||
| CVE-2020-12500 | Cri | 0.64 | 9.8 | 0.03 | Oct 15, 2020 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration. | ||
| CVE-2020-4499 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2020 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. | ||
| CVE-2020-27156 | Cri | 0.64 | 9.8 | 0.02 | Oct 15, 2020 | Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. | ||
| CVE-2020-6364 | Cri | 0.66 | 10.0 | 0.06 | Oct 15, 2020 | SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise… | ||
| CVE-2020-8349 | Cri | 0.64 | 9.8 | 0.02 | Oct 14, 2020 | An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is… | ||
| CVE-2020-0376 | Cri | 0.59 | 9.1 | 0.01 | Oct 14, 2020 | There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163003156 | ||
| CVE-2020-0371 | Cri | 0.59 | 9.1 | 0.01 | Oct 14, 2020 | There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008256 | ||
| CVE-2020-0367 | Cri | 0.59 | 9.1 | 0.00 | Oct 14, 2020 | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455 | ||
| CVE-2020-0339 | Cri | 0.59 | 9.1 | 0.01 | Oct 14, 2020 | There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980705 | ||
| CVE-2020-0283 | Cri | 0.59 | 9.1 | 0.01 | Oct 14, 2020 | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257 | ||
| CVE-2020-13957 | — | Cri | 0.63 | 9.8 | 0.79 | Oct 13, 2020 | Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to… | |
| CVE-2020-17407 | Cri | 0.64 | 9.8 | 0.07 | Oct 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The… | ||
| CVE-2019-17444 | Cri | 0.62 | 9.8 | 0.69 | Oct 12, 2020 | Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions… | ||
| CVE-2020-26867 | Cri | 0.64 | 9.8 | 0.04 | Oct 12, 2020 | ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server. | ||
| CVE-2020-5135 | Cri | 0.78 | 9.8 | 0.27 | KEV | Oct 12, 2020 | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv… | |
| CVE-2020-26948 | Cri | 0.74 | 9.8 | 0.87 | Oct 10, 2020 | Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | ||
| CVE-2020-26935 | — | Cri | 0.69 | 9.8 | 0.67 | Oct 10, 2020 | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. | |
| CVE-2020-26928 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | ||
| CVE-2020-26927 | Cri | 0.61 | 9.4 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before… | ||
| CVE-2020-26926 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | ||
| CVE-2020-26919 | Cri | 0.80 | 9.8 | 0.57 | KEV | Oct 9, 2020 | NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. | |
| CVE-2020-26908 | Cri | 0.61 | 9.4 | 0.02 | Oct 9, 2020 | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before… | ||
| CVE-2020-26907 | Cri | 0.63 | 9.6 | 0.02 | Oct 9, 2020 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. | ||
| CVE-2020-26906 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | ||
| CVE-2020-26905 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | ||
| CVE-2020-26904 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | ||
| CVE-2020-26903 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | ||
| CVE-2020-26902 | Cri | 0.63 | 9.6 | 0.02 | Oct 9, 2020 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | ||
| CVE-2020-26901 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | ||
| CVE-2020-26900 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. |
- risk 0.64cvss 9.8epss 0.07
A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- risk 0.64cvss 9.8epss 0.07
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- risk 0.64cvss 9.8epss 0.07
A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- risk 0.64cvss 9.8epss 0.04
A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- risk 0.65cvss 9.8epss 0.11
A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- risk 0.64cvss 9.8epss 0.04
A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- risk 0.64cvss 9.8epss 0.07
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- risk 0.64cvss 9.8epss 0.03
A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- risk 0.59cvss 9.1epss 0.02
GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure.
- risk 0.57cvss 9.8epss 0.02
TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method…
- risk 0.64cvss 9.8epss 0.03
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
- risk 0.64cvss 9.8epss 0.04
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause…
- risk 0.64cvss 9.8epss 0.02
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely.
- risk 0.59cvss 9.1epss 0.01
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices…
- risk 0.64cvss 9.8epss 0.03
The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.
- risk 0.65cvss 9.9epss 0.03
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used).…
- risk 0.57cvss 9.8epss 0.02
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the…
- risk 0.64cvss 9.8epss 0.03
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3…
- risk 0.64cvss 9.8epss 0.03
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
- risk 0.64cvss 9.8epss 0.03
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.
- risk 0.64cvss 9.8epss 0.01
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
- risk 0.64cvss 9.8epss 0.02
Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user.
- risk 0.66cvss 10.0epss 0.06
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise…
- risk 0.64cvss 9.8epss 0.02
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is…
- risk 0.59cvss 9.1epss 0.01
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163003156
- risk 0.59cvss 9.1epss 0.01
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008256
- risk 0.59cvss 9.1epss 0.00
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455
- risk 0.59cvss 9.1epss 0.01
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980705
- risk 0.59cvss 9.1epss 0.01
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257
- risk 0.63cvss 9.8epss 0.79
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to…
- risk 0.64cvss 9.8epss 0.07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The…
- risk 0.62cvss 9.8epss 0.69
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions…
- risk 0.64cvss 9.8epss 0.04
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
- risk 0.78cvss 9.8epss 0.27
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv…
- risk 0.74cvss 9.8epss 0.87
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
- risk 0.69cvss 9.8epss 0.67
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
- risk 0.61cvss 9.4epss 0.01
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before…
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
- risk 0.80cvss 9.8epss 0.57
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.
- risk 0.61cvss 9.4epss 0.02
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before…
- risk 0.63cvss 9.6epss 0.02
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
- risk 0.63cvss 9.6epss 0.02
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.