| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10803 | — | Cri | 0.64 | 9.8 | 0.03 | Feb 28, 2020 | push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. | |
| CVE-2019-10802 | Cri | 0.57 | 9.8 | 0.02 | Feb 28, 2020 | giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | ||
| CVE-2019-10801 | — | Cri | 0.64 | 9.8 | 0.03 | Feb 28, 2020 | enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. | |
| CVE-2020-9465 | Cri | 0.73 | 9.8 | 0.82 | Feb 28, 2020 | An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. | ||
| CVE-2020-8132 | — | Cri | 0.64 | 9.8 | 0.02 | Feb 28, 2020 | Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. | |
| CVE-2019-15609 | — | Cri | 0.64 | 9.8 | 0.04 | Feb 28, 2020 | The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability. | |
| CVE-2020-9434 | Cri | 0.00 | 9.1 | 0.01 | Feb 27, 2020 | openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | ||
| CVE-2020-9433 | Cri | 0.00 | 9.1 | 0.01 | Feb 27, 2020 | openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | ||
| CVE-2020-9432 | Cri | 0.00 | 9.1 | 0.01 | Feb 27, 2020 | openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | ||
| CVE-2020-7043 | Cri | 0.52 | 9.1 | 0.02 | Feb 27, 2020 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | ||
| CVE-2019-17275 | Cri | 0.64 | 9.8 | 0.03 | Feb 26, 2020 | OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers. | ||
| CVE-2019-19994 | Cri | 0.64 | 9.8 | 0.05 | Feb 26, 2020 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page… | ||
| CVE-2020-9406 | Cri | 0.64 | 9.8 | 0.01 | Feb 26, 2020 | IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. | ||
| CVE-2020-9398 | Cri | 0.64 | 9.8 | 0.01 | Feb 25, 2020 | ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. | ||
| CVE-2015-0565 | Cri | 0.69 | 10.0 | 0.13 | Feb 25, 2020 | NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. | ||
| CVE-2016-11020 | Cri | 0.57 | 9.8 | 0.03 | Feb 25, 2020 | Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | ||
| CVE-2020-8794 | Cri | 0.74 | 9.8 | 0.89 | Feb 25, 2020 | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client… | ||
| CVE-2019-5138 | Cri | 0.65 | 9.9 | 0.05 | Feb 25, 2020 | An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the… | ||
| CVE-2020-1938 | — | Cri | 0.87 | 9.8 | 0.99 | KEV | Feb 24, 2020 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be… |
| CVE-2020-9374 | Cri | 0.70 | 9.8 | 0.42 | Feb 24, 2020 | On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature. | ||
| CVE-2019-12511 | Cri | 0.64 | 9.8 | 0.02 | Feb 24, 2020 | In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced… | ||
| CVE-2019-12510 | Cri | 0.59 | 9.1 | 0.01 | Feb 24, 2020 | In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a… | ||
| CVE-2018-14705 | Cri | 0.64 | 9.8 | 0.02 | Feb 24, 2020 | In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability… | ||
| CVE-2019-10796 | — | Cri | 0.64 | 9.8 | 0.03 | Feb 24, 2020 | rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization. | |
| CVE-2020-9366 | Cri | 0.64 | 9.8 | 0.03 | Feb 24, 2020 | A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | ||
| CVE-2020-4222 | Cri | 0.65 | 9.8 | 0.15 | Feb 24, 2020 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091. | ||
| CVE-2020-4213 | Cri | 0.65 | 9.8 | 0.15 | Feb 24, 2020 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024. | ||
| CVE-2020-4212 | Cri | 0.65 | 9.8 | 0.15 | Feb 24, 2020 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023. | ||
| CVE-2020-4211 | Cri | 0.69 | 9.8 | 0.71 | Feb 24, 2020 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022. | ||
| CVE-2020-4210 | Cri | 0.65 | 9.8 | 0.15 | Feb 24, 2020 | IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020. | ||
| CVE-2019-20481 | Cri | 0.64 | 9.8 | 0.01 | Feb 24, 2020 | In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480. | ||
| CVE-2019-18183 | Cri | 0.64 | 9.8 | 0.04 | Feb 24, 2020 | pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an… | ||
| CVE-2019-18182 | Cri | 0.64 | 9.8 | 0.04 | Feb 24, 2020 | pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an… | ||
| CVE-2020-9355 | Cri | 0.00 | 9.8 | 0.02 | Feb 23, 2020 | danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. | ||
| CVE-2020-9352 | Cri | 0.64 | 9.8 | 0.02 | Feb 23, 2020 | An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. NOTE: the documentation states… | ||
| CVE-2020-9039 | Cri | 0.64 | 9.8 | 0.04 | Feb 22, 2020 | Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an… | ||
| CVE-2012-0828 | Cri | 0.64 | 9.8 | 0.04 | Feb 21, 2020 | Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic… | ||
| CVE-2020-6841 | Cri | 0.64 | 9.8 | 0.03 | Feb 21, 2020 | D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | ||
| CVE-2016-4606 | Cri | 0.64 | 9.8 | 0.03 | Feb 21, 2020 | Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other… | ||
| CVE-2020-9015 | Cri | 0.68 | 9.8 | 0.16 | Feb 20, 2020 | Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue… | ||
| CVE-2020-8990 | Cri | 0.59 | 9.1 | 0.01 | Feb 20, 2020 | Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. | ||
| CVE-2020-3765 | Cri | 0.64 | 9.8 | 0.06 | Feb 20, 2020 | Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2014-4650 | Cri | 0.69 | 9.8 | 0.25 | Feb 20, 2020 | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character… | ||
| CVE-2014-4657 | — | Cri | 0.57 | 9.8 | 0.04 | Feb 20, 2020 | The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | |
| CVE-2014-3484 | Cri | 0.64 | 9.8 | 0.02 | Feb 20, 2020 | Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service… | ||
| CVE-2014-4678 | — | Cri | 0.57 | 9.8 | 0.05 | Feb 20, 2020 | The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | |
| CVE-2013-2018 | Cri | 0.64 | 9.8 | 0.02 | Feb 20, 2020 | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2020-6970 | Cri | 0.64 | 9.8 | 0.03 | Feb 19, 2020 | A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise… | ||
| CVE-2020-3943 | Cri | 0.64 | 9.8 | 0.02 | Feb 19, 2020 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to… | ||
| CVE-2020-3158 | Cri | 0.59 | 9.1 | 0.03 | Feb 19, 2020 | A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default… |
- risk 0.64cvss 9.8epss 0.03
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.
- risk 0.57cvss 9.8epss 0.02
giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation.
- risk 0.64cvss 9.8epss 0.03
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization.
- risk 0.73cvss 9.8epss 0.82
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
- risk 0.64cvss 9.8epss 0.02
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
- risk 0.64cvss 9.8epss 0.04
The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.
- risk 0.00cvss 9.1epss 0.01
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
- risk 0.00cvss 9.1epss 0.01
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
- risk 0.00cvss 9.1epss 0.01
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
- risk 0.52cvss 9.1epss 0.02
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.
- risk 0.64cvss 9.8epss 0.03
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.
- risk 0.64cvss 9.8epss 0.05
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page…
- risk 0.64cvss 9.8epss 0.01
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
- risk 0.64cvss 9.8epss 0.01
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
- risk 0.69cvss 10.0epss 0.13
NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.
- risk 0.57cvss 9.8epss 0.03
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.
- risk 0.74cvss 9.8epss 0.89
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client…
- risk 0.65cvss 9.9epss 0.05
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the…
- risk 0.87cvss 9.8epss 0.99
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be…
- risk 0.70cvss 9.8epss 0.42
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.
- risk 0.64cvss 9.8epss 0.02
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced…
- risk 0.59cvss 9.1epss 0.01
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a…
- risk 0.64cvss 9.8epss 0.02
In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability…
- risk 0.64cvss 9.8epss 0.03
rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization.
- risk 0.64cvss 9.8epss 0.03
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
- risk 0.65cvss 9.8epss 0.15
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091.
- risk 0.65cvss 9.8epss 0.15
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024.
- risk 0.65cvss 9.8epss 0.15
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023.
- risk 0.69cvss 9.8epss 0.71
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022.
- risk 0.65cvss 9.8epss 0.15
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020.
- risk 0.64cvss 9.8epss 0.01
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
- risk 0.64cvss 9.8epss 0.04
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an…
- risk 0.64cvss 9.8epss 0.04
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an…
- risk 0.00cvss 9.8epss 0.02
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. NOTE: the documentation states…
- risk 0.64cvss 9.8epss 0.04
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an…
- risk 0.64cvss 9.8epss 0.04
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic…
- risk 0.64cvss 9.8epss 0.03
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
- risk 0.64cvss 9.8epss 0.03
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other…
- risk 0.68cvss 9.8epss 0.16
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue…
- risk 0.59cvss 9.1epss 0.01
Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation.
- risk 0.64cvss 9.8epss 0.06
Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.69cvss 9.8epss 0.25
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character…
- risk 0.57cvss 9.8epss 0.04
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
- risk 0.64cvss 9.8epss 0.02
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service…
- risk 0.57cvss 9.8epss 0.05
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
- risk 0.64cvss 9.8epss 0.02
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.03
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise…
- risk 0.64cvss 9.8epss 0.02
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to…
- risk 0.59cvss 9.1epss 0.03
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default…