| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17564 | Cri | 0.64 | 9.8 | 0.02 | Apr 1, 2019 | A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | ||
| CVE-2017-8023 | Cri | 0.64 | 9.8 | 0.06 | Apr 1, 2019 | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service… | ||
| CVE-2019-5523 | Cri | 0.64 | 9.8 | 0.03 | Apr 1, 2019 | VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by… | ||
| CVE-2019-10686 | Cri | 0.65 | 10.0 | 0.02 | Apr 1, 2019 | An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled. | ||
| CVE-2019-5891 | Cri | 0.64 | 9.8 | 0.02 | Apr 1, 2019 | An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application. | ||
| CVE-2019-10684 | Cri | 0.64 | 9.8 | 0.02 | Apr 1, 2019 | Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter. | ||
| CVE-2019-10672 | Cri | 0.00 | 9.8 | 0.02 | Mar 31, 2019 | treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. | ||
| CVE-2019-10664 | Cri | 0.04 | 9.8 | 0.08 | Mar 31, 2019 | Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | ||
| CVE-2019-10661 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2019 | On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | ||
| CVE-2019-10655 | Cri | 0.68 | 9.8 | 0.15 | Mar 30, 2019 | Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a… | ||
| CVE-2019-10648 | Cri | 0.57 | 9.8 | 0.02 | Mar 30, 2019 | Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | ||
| CVE-2019-10647 | Cri | 0.64 | 9.8 | 0.07 | Mar 30, 2019 | ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.p… | ||
| CVE-2018-18766 | Cri | 0.64 | 9.8 | 0.01 | Mar 29, 2019 | An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. | ||
| CVE-2019-9918 | Cri | 0.59 | 9.1 | 0.01 | Mar 29, 2019 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | ||
| CVE-2019-10276 | Cri | 0.64 | 9.8 | 0.02 | Mar 29, 2019 | Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. | ||
| CVE-2019-10269 | Cri | 0.00 | 9.8 | 0.03 | Mar 29, 2019 | BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. | ||
| CVE-2019-10262 | Cri | 0.64 | 9.8 | 0.01 | Mar 28, 2019 | A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes. | ||
| CVE-2019-9204 | Cri | 0.65 | 9.8 | 0.20 | Mar 28, 2019 | SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | ||
| CVE-2019-9203 | Cri | 0.65 | 9.8 | 0.20 | Mar 28, 2019 | Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. | ||
| CVE-2019-9165 | Cri | 0.64 | 9.8 | 0.05 | Mar 28, 2019 | SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | ||
| CVE-2019-1003041 | Cri | 0.57 | 9.8 | 0.03 | Mar 28, 2019 | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | ||
| CVE-2019-1003040 | Cri | 0.57 | 9.8 | 0.03 | Mar 28, 2019 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | ||
| CVE-2018-16529 | Cri | 0.64 | 9.8 | 0.02 | Mar 28, 2019 | A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. | ||
| CVE-2017-18365 | Cri | 0.68 | 9.8 | 0.21 | Mar 28, 2019 | The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code.… | ||
| CVE-2019-0160 | Cri | 0.64 | 9.8 | 0.01 | Mar 27, 2019 | Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | ||
| CVE-2018-12178 | Cri | 0.59 | 9.1 | 0.02 | Mar 27, 2019 | Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. | ||
| CVE-2017-9626 | Cri | 0.64 | 9.8 | 0.02 | Mar 27, 2019 | Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication. | ||
| CVE-2019-1010257 | Cri | 0.59 | 9.1 | 0.04 | Mar 27, 2019 | An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to… | ||
| CVE-2019-10232 | Cri | 0.02 | 9.8 | 0.23 | Mar 27, 2019 | Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | ||
| CVE-2019-10231 | Cri | 0.00 | 9.8 | 0.02 | Mar 27, 2019 | Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php). | ||
| CVE-2018-19466 | Cri | 0.00 | 9.8 | 0.04 | Mar 27, 2019 | A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | ||
| CVE-2018-5926 | Cri | 0.59 | 9.1 | 0.01 | Mar 27, 2019 | A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier. | ||
| CVE-2018-5923 | Cri | 0.64 | 9.8 | 0.03 | Mar 27, 2019 | In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. | ||
| CVE-2019-9863 | Cri | 0.64 | 9.8 | 0.02 | Mar 27, 2019 | Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an… | ||
| CVE-2019-5420 | — | Cri | 0.74 | 9.8 | 0.92 | Mar 27, 2019 | A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code… | |
| CVE-2019-10125 | Cri | 0.64 | 9.8 | 0.05 | Mar 27, 2019 | An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a… | ||
| CVE-2019-6569 | Cri | 0.59 | 9.1 | 0.01 | Mar 26, 2019 | The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their… | ||
| CVE-2019-10068 | Cri | 0.86 | 9.8 | 0.96 | KEV | Mar 26, 2019 | An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication… | |
| CVE-2010-5305 | Cri | 0.64 | 9.8 | 0.06 | Mar 26, 2019 | The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and… | ||
| CVE-2014-5401 | Cri | 0.64 | 9.8 | 0.05 | Mar 26, 2019 | Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet… | ||
| CVE-2014-5433 | Cri | 0.64 | 9.8 | 0.02 | Mar 26, 2019 | An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker… | ||
| CVE-2014-5432 | Cri | 0.64 | 9.8 | 0.03 | Mar 26, 2019 | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue… | ||
| CVE-2014-5434 | Cri | 0.64 | 9.8 | 0.02 | Mar 26, 2019 | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account.… | ||
| CVE-2019-10063 | Cri | 0.59 | 9.0 | 0.02 | Mar 26, 2019 | Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject… | ||
| CVE-2019-8981 | Cri | 0.64 | 9.8 | 0.03 | Mar 26, 2019 | tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged. | ||
| CVE-2019-7714 | Cri | 0.64 | 9.8 | 0.02 | Mar 26, 2019 | An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow. | ||
| CVE-2019-7713 | Cri | 0.64 | 9.8 | 0.02 | Mar 26, 2019 | An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP… | ||
| CVE-2019-10061 | Cri | 0.57 | 9.8 | 0.04 | Mar 26, 2019 | utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands. | ||
| CVE-2019-6538 | Cri | 0.61 | 9.3 | 0.01 | Mar 25, 2019 | The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D… | ||
| CVE-2017-7342 | Cri | 0.64 | 9.8 | 0.01 | Mar 25, 2019 | A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button |
- risk 0.64cvss 9.8epss 0.02
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
- risk 0.64cvss 9.8epss 0.06
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service…
- risk 0.64cvss 9.8epss 0.03
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by…
- risk 0.65cvss 10.0epss 0.02
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.
- risk 0.64cvss 9.8epss 0.02
Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter.
- risk 0.00cvss 9.8epss 0.02
treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions.
- risk 0.04cvss 9.8epss 0.08
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.
- risk 0.64cvss 9.8epss 0.02
On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password.
- risk 0.68cvss 9.8epss 0.15
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a…
- risk 0.57cvss 9.8epss 0.02
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.
- risk 0.64cvss 9.8epss 0.07
ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.p…
- risk 0.64cvss 9.8epss 0.01
An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905.
- risk 0.59cvss 9.1epss 0.01
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.
- risk 0.64cvss 9.8epss 0.02
Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type.
- risk 0.00cvss 9.8epss 0.03
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
- risk 0.64cvss 9.8epss 0.01
A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes.
- risk 0.65cvss 9.8epss 0.20
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
- risk 0.65cvss 9.8epss 0.20
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
- risk 0.64cvss 9.8epss 0.05
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
- risk 0.57cvss 9.8epss 0.03
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
- risk 0.57cvss 9.8epss 0.03
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
- risk 0.64cvss 9.8epss 0.02
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.
- risk 0.68cvss 9.8epss 0.21
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code.…
- risk 0.64cvss 9.8epss 0.01
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
- risk 0.59cvss 9.1epss 0.02
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
- risk 0.64cvss 9.8epss 0.02
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication.
- risk 0.59cvss 9.1epss 0.04
An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to…
- risk 0.02cvss 9.8epss 0.23
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
- risk 0.00cvss 9.8epss 0.02
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
- risk 0.00cvss 9.8epss 0.04
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.
- risk 0.59cvss 9.1epss 0.01
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier.
- risk 0.64cvss 9.8epss 0.03
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.
- risk 0.64cvss 9.8epss 0.02
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an…
- risk 0.74cvss 9.8epss 0.92
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code…
- risk 0.64cvss 9.8epss 0.05
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a…
- risk 0.59cvss 9.1epss 0.01
The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their…
- risk 0.86cvss 9.8epss 0.96
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication…
- risk 0.64cvss 9.8epss 0.06
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and…
- risk 0.64cvss 9.8epss 0.05
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet…
- risk 0.64cvss 9.8epss 0.02
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker…
- risk 0.64cvss 9.8epss 0.03
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue…
- risk 0.64cvss 9.8epss 0.02
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account.…
- risk 0.59cvss 9.0epss 0.02
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject…
- risk 0.64cvss 9.8epss 0.03
tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP…
- risk 0.57cvss 9.8epss 0.04
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
- risk 0.61cvss 9.3epss 0.01
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D…
- risk 0.64cvss 9.8epss 0.01
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button